-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 20 Dec 2023 18:07:36 +0100
Source: nodejs
Binary: libnode-dev libnode108 libnode108-dbgsym nodejs nodejs-dbgsym
Architecture: armhf
Version: 18.19.0+dfsg-6~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: arm Build Daemon (arm-ubc-04)
Changed-By: Jérémy Lal
Description:
 libnode-dev - evented I/O for V8 javascript (development files)
 libnode108 - evented I/O for V8 javascript - runtime library
 nodejs     - evented I/O for V8 javascript - runtime executable
Closes: 1031834 1039990 1050739 1054892
Changes:
 nodejs (18.19.0+dfsg-6~deb12u1) bookworm-security; urgency=medium
 .
   * Upstream update.
   * CVE-2023-23918: Permissions policies can be bypassed via
     process.mainModule. Closes #1031834.
   * CVE-2023-23919: OpenSSL error handling issues in nodejs crypto
     library. Closes: #1031834.
   * CVE-2023-23920: Insecure loading of ICU data through ICU_DATA
     environment variable. Closes: #1031834.
   * CVE-2023-30590: DiffieHellman do not generate keys after setting a
     private key. Closes: #1039990.
   * CVE-2023-30589: HTTP Request Smuggling via Empty headers separated
     by CR. Closes: #1039990.
   * CVE-2023-30588: Process interruption due to invalid Public Key
     information in x509 certificates. Closes: #1039990.
   * CVE-2023-32559: Permissions policies can be bypassed via
     process.binding. Closes: #1050739.
   * CVE-2023-30581: mainModule.proto bypass experimental policy
     mechanism. Closes: #1039990.
   * CVE-2023-32002: Permissions policies can be bypassed via
     Module._load. Closes: #1050739.
   * CVE-2023-32006: Permissions policies can impersonate other modules
     in using module.constructor.createRequire(). Closes: #1050739.
   * CVE-2023-38552: Integrity checks according to policies can be
     circumvented. Closes: #1054892.
   * CVE-2023-39333: Code injection via WebAssembly export names.
     Closes: #1054892.