Format: 1.8
Date: Wed, 20 Dec 2023 18:07:36 +0100
Source: nodejs
Binary: libnode-dev libnode108 libnode108-dbgsym nodejs nodejs-dbgsym
Architecture: ppc64el
Version: 18.19.0+dfsg-6~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: ppc64el Build Daemon (ppc64el-osuosl-02)
Changed-By: Jérémy Lal
Description:
 libnode-dev - evented I/O for V8 javascript (development files)
 libnode108 - evented I/O for V8 javascript - runtime library
 nodejs - evented I/O for V8 javascript - runtime executable
Closes: 1031834 1039990 1050739 1054892
Changes:
 nodejs (18.19.0+dfsg-6~deb12u1) bookworm-security; urgency=medium
 .
   * Upstream update.
   * CVE-2023-23918: Permissions policies can be bypassed via process.mainModule. Closes #1031834.
   * CVE-2023-23919: OpenSSL error handling issues in nodejs crypto library. Closes: #1031834.
   * CVE-2023-23920: Insecure loading of ICU data through ICU_DATA environment variable. Closes: #1031834.
   * CVE-2023-30590: DiffieHellman do not generate keys after setting a private key. Closes: #1039990.
   * CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR. Closes: #1039990.
   * CVE-2023-30588: Process interruption due to invalid Public Key information in x509 certificates. Closes: #1039990.
   * CVE-2023-32559: Permissions policies can be bypassed via process.binding. Closes: #1050739.
   * CVE-2023-30581: mainModule.__proto__ bypass experimental policy mechanism. Closes: #1039990.
   * CVE-2023-32002: Permissions policies can be bypassed via Module._load. Closes: #1050739.
   * CVE-2023-32006: Permissions policies can impersonate other modules in using module.constructor.createRequire(). Closes: #1050739.
   * CVE-2023-38552: Integrity checks according to policies can be circumvented. Closes: #1054892.
   * CVE-2023-39333: Code injection via WebAssembly export names. Closes: #1054892.