-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 20 Dec 2023 18:07:36 +0100
Source: nodejs
Binary: libnode-dev libnode108 nodejs nodejs-doc
Architecture: source amd64 all
Version: 18.19.0+dfsg-6~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@alioth-lists.debian.net>
Changed-By: Jérémy Lal <kapouer@melix.org>
Description:
 libnode-dev - evented I/O for V8 javascript (development files)
 libnode108 - evented I/O for V8 javascript - runtime library
 nodejs     - evented I/O for V8 javascript - runtime executable
 nodejs-doc - API documentation for Node.js, the javascript platform
Closes: 1031834 1039990 1050739 1054892
Changes:
 nodejs (18.19.0+dfsg-6~deb12u1) bookworm-security; urgency=medium
 .
   * Upstream update.
   * CVE-2023-23918: Permissions policies can be bypassed via
     process.mainModule. Closes #1031834.
   * CVE-2023-23919: OpenSSL error handling issues in nodejs crypto
     library. Closes: #1031834.
   * CVE-2023-23920: Insecure loading of ICU data through ICU_DATA
     environment variable. Closes: #1031834.
   * CVE-2023-30590: DiffieHellman do not generate keys after setting a
     private key. Closes: #1039990.
   * CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR.
     Closes: #1039990.
   * CVE-2023-30588: Process interuption due to invalid Public Key information
     in x509 certificates. Closes: #1039990.
   * CVE-2023-32559: Permissions policies can be bypassed via process.binding.
     Closes: #1050739.
   * CVE-2023-30581: mainModule.proto bypass experimental policy mechanism.
     Closes: #1039990.
   * CVE-2023-32002: Permissions policies can be bypassed via Module._load.
     Closes: #1050739.
   * CVE-2023-32006: Permissions policies can impersonate other modules in
     using module.constructor.createRequire(). Closes: #1050739.
   * CVE-2023-38552: Integrity checks according to policies can be
     circumvented. Closes: #1054892.
   * CVE-2023-39333: Code injection via WebAssembly export names.
     Closes: #1054892.
Checksums-Sha1:
 5c9ba67d633821d2099506acc6d5db43ee3d5ee5 4359 nodejs_18.19.0+dfsg-6~deb12u1.dsc
 2540b9b84f230689afcbf507a307d46d4ef2a411 269724 nodejs_18.19.0+dfsg.orig-ada.tar.xz
 4cad22f4545483163b468271d06f425b15f1dcf0 267236 nodejs_18.19.0+dfsg.orig-types-node.tar.xz
 c13643047f17105984c02bdd123c4d39beda156b 28794768 nodejs_18.19.0+dfsg.orig.tar.xz
 eea9120dfa45899f40e62516895f69587c24e16f 166408 nodejs_18.19.0+dfsg-6~deb12u1.debian.tar.xz
 c4e6203abd1c8757d1928dbd4a5e337439eb99f9 503364 libnode-dev_18.19.0+dfsg-6~deb12u1_amd64.deb
 17c87755aea49527dc180260184ae75a89fa8080 10548072 libnode108_18.19.0+dfsg-6~deb12u1_amd64.deb
 a0813bea42eeead268ec77db4ad66c167572c27b 3569432 nodejs-doc_18.19.0+dfsg-6~deb12u1_all.deb
 cc1906898782233c5c1ff5010582a1c847ad4dc8 10936 nodejs_18.19.0+dfsg-6~deb12u1_amd64.buildinfo
 62456a9ac9af80aaa8ecf0ca85f93849363e2296 318736 nodejs_18.19.0+dfsg-6~deb12u1_amd64.deb
Checksums-Sha256:
 78bf3883bd7bea2c6495020d9a183769ea33b5d0b32b6babf2550d076b8ffca7 4359 nodejs_18.19.0+dfsg-6~deb12u1.dsc
 0c3caa8771a2bc6ac5d32912d07383dcae8a0cf145ed6f7017cbf6b41478acd2 269724 nodejs_18.19.0+dfsg.orig-ada.tar.xz
 5bd8293f0adfb7bc744e3071bdbd184fd02f973931396ba816ff61514ecd62a9 267236 nodejs_18.19.0+dfsg.orig-types-node.tar.xz
 3bbb4c7e3196be83085b181de90def38b96a5f0d2999d86f00658bc2aa692705 28794768 nodejs_18.19.0+dfsg.orig.tar.xz
 54a8fe0757f3a692869667f406727fa46411f15a42da22e8bda43d4ec72b4940 166408 nodejs_18.19.0+dfsg-6~deb12u1.debian.tar.xz
 da7a5b8ecb2413f7d2e6ce0a81abd628bc3f5ac116faacb91c8ac248c53a9d9b 503364 libnode-dev_18.19.0+dfsg-6~deb12u1_amd64.deb
 164ab232abf375eddbbafdaa953306ae0348bcdeba33ac439e2024008e67ff8e 10548072 libnode108_18.19.0+dfsg-6~deb12u1_amd64.deb
 3e29ef4c58025c8b931d402a8cabfcbd03cac8b817d9321229e9987258c86ded 3569432 nodejs-doc_18.19.0+dfsg-6~deb12u1_all.deb
 c08b75165134f54093fc886ff20398068ddaab2c28e487dd146ea102e5c839b7 10936 nodejs_18.19.0+dfsg-6~deb12u1_amd64.buildinfo
 81dd77001ae1d4019e06bece8a0f6b8a22e97580d13528196f8a89b400cf82c2 318736 nodejs_18.19.0+dfsg-6~deb12u1_amd64.deb
Files:
 8c6544194de9d7c1eae4a2d1513c9cb2 4359 javascript optional nodejs_18.19.0+dfsg-6~deb12u1.dsc
 327a080764e93ab10a593efba5b84fd3 269724 javascript optional nodejs_18.19.0+dfsg.orig-ada.tar.xz
 8cabd2aa436c05f698a17368826a8645 267236 javascript optional nodejs_18.19.0+dfsg.orig-types-node.tar.xz
 945588714462db1adddad53ebee66b3b 28794768 javascript optional nodejs_18.19.0+dfsg.orig.tar.xz
 585e641a77a377147e363aea9ffeedde 166408 javascript optional nodejs_18.19.0+dfsg-6~deb12u1.debian.tar.xz
 05bf88f0e7e2ac1a30e86b8ce00dda21 503364 libdevel optional libnode-dev_18.19.0+dfsg-6~deb12u1_amd64.deb
 d6eb05097fa3de0e6f3de1400a5024e6 10548072 libs optional libnode108_18.19.0+dfsg-6~deb12u1_amd64.deb
 4aa5b543721a9d2e3e4ac0df7a0cd4d1 3569432 doc optional nodejs-doc_18.19.0+dfsg-6~deb12u1_all.deb
 d54db5ff4b251e5e3738a6726cb3bc9f 10936 javascript optional nodejs_18.19.0+dfsg-6~deb12u1_amd64.buildinfo
 d04a8dc597869b7672801fccb2ed6cb2 318736 javascript optional nodejs_18.19.0+dfsg-6~deb12u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCAAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAmWF5voSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0f6cP/0pLuQvD+qgRRilI3e8hw+cPuQSxR6QN
j1UnGoqZQuIS9jOJzhFjwHpo5BAN/sfi8LmBtm1NyH573Q47iIGM3XQGsYm5FccV
dZCDWP3g8tIrfh4d/jQSESdKSUudrxA/c1c9H4cF58g9DAkHTFQzUUkf7Sd2s+Nz
o/Tq+k9H1+Ax4BpTZwqLP1SBycrALVeOVGIsEwlwsDkpaBbxdsW4FuR9zL+374jh
LwriUJ0QYTvy5ZFK4XOw6sYEFrFpma6izuS0vSkLQ5K0mOL8LCDB1OmN6NGxFRfE
vlOiDgnxBZwF00LW4VEe7E6MGSIwItmk8T36BdYqSzVkq25As+SQ5Sev8pb6DjWE
PWSt5/1OG/qvQznrXrIIvUuu4rR+35zC6RednVKIfKuOMjBUQrG+UP/AFmq6lcND
hUps5rDLdAy8mtZfBwng8vOoN6dzDsaWyESTGMjXpq0mzuxmDDOjeM46d7Hyqhfp
esz1sJqt+x84C6Mdjq97Rz0WY+LubEHxmcKDHZQK8IiHoik9XBGHSgAGFVzHyEiq
u52bZ47yzlVf1pR5pZZk0EDEEb8JrKjynyxTSkoZ2a7aB6mGSqAd6tV2xkGgFjY4
1ZAwtOOz/puR6SuxHUfG4fNgJUsFv0CE8OSk20pIuJ+WIPgA+RB/V25DP3Hbpxqx
Bz7lyJctliRV
=LB3Q
-----END PGP SIGNATURE-----