Format: 1.8
Date: Wed, 20 Dec 2023 18:07:36 +0100
Source: nodejs
Binary: libnode-dev libnode108 libnode108-dbgsym nodejs nodejs-dbgsym
Architecture: armel
Version: 18.19.0+dfsg-6~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: arm Build Daemon (arm-arm-03)
Changed-By: Jérémy Lal
Description:
 libnode-dev - evented I/O for V8 javascript (development files)
 libnode108 - evented I/O for V8 javascript - runtime library
 nodejs - evented I/O for V8 javascript - runtime executable
Closes: 1031834 1039990 1050739 1054892
Changes:
 nodejs (18.19.0+dfsg-6~deb12u1) bookworm-security; urgency=medium
 .
   * Upstream update.
   * CVE-2023-23918: Permissions policies can be bypassed via process.mainModule. Closes #1031834.
   * CVE-2023-23919: OpenSSL error handling issues in nodejs crypto library. Closes: #1031834.
   * CVE-2023-23920: Insecure loading of ICU data through ICU_DATA environment variable. Closes: #1031834.
   * CVE-2023-30590: DiffieHellman do not generate keys after setting a private key. Closes: #1039990.
   * CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR. Closes: #1039990.
   * CVE-2023-30588: Process interruption due to invalid Public Key information in x509 certificates. Closes: #1039990.
   * CVE-2023-32559: Permissions policies can be bypassed via process.binding. Closes: #1050739.
   * CVE-2023-30581: mainModule.proto bypass experimental policy mechanism. Closes: #1039990.
   * CVE-2023-32002: Permissions policies can be bypassed via Module._load. Closes: #1050739.
   * CVE-2023-32006: Permissions policies can impersonate other modules in using module.constructor.createRequire(). Closes: #1050739.
   * CVE-2023-38552: Integrity checks according to policies can be circumvented. Closes: #1054892.
   * CVE-2023-39333: Code injection via WebAssembly export names. Closes: #1054892.