-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 20 Dec 2023 18:07:36 +0100
Source: nodejs
Binary: libnode-dev libnode108 libnode108-dbgsym nodejs nodejs-dbgsym
Architecture: i386
Version: 18.19.0+dfsg-6~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: i386 Build Daemon (x86-grnet-01)
Changed-By: Jérémy Lal
Description:
 libnode-dev - evented I/O for V8 javascript (development files)
 libnode108 - evented I/O for V8 javascript - runtime library
 nodejs - evented I/O for V8 javascript - runtime executable
Closes: 1031834 1039990 1050739 1054892
Changes:
 nodejs (18.19.0+dfsg-6~deb12u1) bookworm-security; urgency=medium
 .
   * Upstream update.
   * CVE-2023-23918: Permissions policies can be bypassed via process.mainModule. Closes #1031834.
   * CVE-2023-23919: OpenSSL error handling issues in nodejs crypto library. Closes: #1031834.
   * CVE-2023-23920: Insecure loading of ICU data through ICU_DATA environment variable. Closes: #1031834.
   * CVE-2023-30590: DiffieHellman does not generate keys after setting a private key. Closes: #1039990.
   * CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR. Closes: #1039990.
   * CVE-2023-30588: Process interruption due to invalid Public Key information in x509 certificates. Closes: #1039990.
   * CVE-2023-32559: Permissions policies can be bypassed via process.binding. Closes: #1050739.
   * CVE-2023-30581: mainModule.proto bypass experimental policy mechanism. Closes: #1039990.
   * CVE-2023-32002: Permissions policies can be bypassed via Module._load. Closes: #1050739.
   * CVE-2023-32006: Permissions policies can impersonate other modules in using module.constructor.createRequire(). Closes: #1050739.
   * CVE-2023-38552: Integrity checks according to policies can be circumvented. Closes: #1054892.
   * CVE-2023-39333: Code injection via WebAssembly export names. Closes: #1054892.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----