-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 20 Dec 2023 18:07:36 +0100
Source: nodejs
Binary: libnode-dev libnode108 libnode108-dbgsym nodejs nodejs-dbgsym
Architecture: s390x
Version: 18.19.0+dfsg-6~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: s390x Build Daemon (zandonai)
Changed-By: Jérémy Lal
Description:
 libnode-dev - evented I/O for V8 javascript (development files)
 libnode108 - evented I/O for V8 javascript - runtime library
 nodejs - evented I/O for V8 javascript - runtime executable
Closes: 1031834 1039990 1050739 1054892
Changes:
 nodejs (18.19.0+dfsg-6~deb12u1) bookworm-security; urgency=medium
 .
   * Upstream update.
   * CVE-2023-23918: Permissions policies can be bypassed via
     process.mainModule. Closes: #1031834.
   * CVE-2023-23919: OpenSSL error handling issues in nodejs crypto library.
     Closes: #1031834.
   * CVE-2023-23920: Insecure loading of ICU data through ICU_DATA
     environment variable. Closes: #1031834.
   * CVE-2023-30590: DiffieHellman do not generate keys after setting a
     private key. Closes: #1039990.
   * CVE-2023-30589: HTTP Request Smuggling via Empty headers separated
     by CR. Closes: #1039990.
   * CVE-2023-30588: Process interruption due to invalid Public Key
     information in x509 certificates. Closes: #1039990.
   * CVE-2023-32559: Permissions policies can be bypassed via
     process.binding. Closes: #1050739.
   * CVE-2023-30581: mainModule.proto bypass experimental policy mechanism.
     Closes: #1039990.
   * CVE-2023-32002: Permissions policies can be bypassed via Module._load.
     Closes: #1050739.
   * CVE-2023-32006: Permissions policies can impersonate other modules in
     using module.constructor.createRequire(). Closes: #1050739.
   * CVE-2023-38552: Integrity checks according to policies can be
     circumvented. Closes: #1054892.
   * CVE-2023-39333: Code injection via WebAssembly export names.
     Closes: #1054892.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----