From: Raspbian automatic forward porter Date: Mon, 30 Mar 2026 11:02:47 +0000 (+0100) Subject: Merge version 20.19.2+dfsg-1+rpi1+deb13u1 and 20.19.2+dfsg-1+deb13u2 to produce 20... X-Git-Tag: archive/raspbian/20.19.2+dfsg-1+rpi1+deb13u2^0 X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/%22mailto:kde%40ewsoftware.de//%22%22/%22http:/www.example.com/%22mailto:kde%40ewsoftware.de/%22%22?a=commitdiff_plain;h=0df5f0dcb5b40bf3cc28541bd8e42a6b583653d0;p=nodejs.git Merge version 20.19.2+dfsg-1+rpi1+deb13u1 and 20.19.2+dfsg-1+deb13u2 to produce 20.19.2+dfsg-1+rpi1+deb13u2 --- 0df5f0dcb5b40bf3cc28541bd8e42a6b583653d0 diff --cc debian/changelog index 36ebd08be,108a85d4d..a59b74d6c --- a/debian/changelog +++ b/debian/changelog @@@ -1,11 -1,16 +1,25 @@@ - nodejs (20.19.2+dfsg-1+rpi1+deb13u1) trixie-staging; urgency=medium ++nodejs (20.19.2+dfsg-1+rpi1+deb13u2) trixie-staging; urgency=medium + + [changes brought forward from 18.10.0+dfsg-6+rpi1 by Peter Michael Green at Tue, 15 Nov 2022 03:51:54 +0000] + * Set --with-arm-version=6 on raspbian. + * Use armv6k CFLAGS on raspbian. + * Disable testsuite. + - -- Raspbian forward porter Thu, 19 Mar 2026 14:04:43 +0000 ++ -- Raspbian forward porter Mon, 30 Mar 2026 11:02:46 +0000 ++ + nodejs (20.19.2+dfsg-1+deb13u2) trixie-security; urgency=medium + + * Upstream security patches: + + CVE-2026-21713: use timing-safe comparison in Web Cryptography HMAC + + CVE-2026-21717: fix array index hash collision + + CVE-2026-21710: http: use null prototype for headersDistinct/trailersDistinct + + CVE-2026-21716: include permission check on lib/fs/promises + + CVE-2026-21715: add permission check to realpath.native + + CVE-2026-21714: handle NGHTTP2_ERR_FLOW_CONTROL error code + + CVE-2026-21637: tls wrap SNICallback invocation in try/catch + * copyright: add rapidhash from sec/51 patch + + -- Jérémy Lal Tue, 24 Mar 2026 22:11:25 +0100 nodejs (20.19.2+dfsg-1+deb13u1) trixie-security; urgency=medium