From: Raspbian automatic forward porter Date: Fri, 3 Apr 2026 10:45:41 +0000 (+0100) Subject: Merge version 22.22.1+dfsg+~cs22.19.15-1+rpi1 and 22.22.2+dfsg+~cs22.19.15-1 to produ... X-Git-Tag: archive/raspbian/22.22.2+dfsg+_cs22.19.15-1+rpi1^0 X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com//%22mailto:sonu.itbhu%40googlemail.com/%22/%22http:/www.example.com/%22mailto:sonu.itbhu%40googlemail.com/%22?a=commitdiff_plain;h=4478435a5ec5248181b5040ffdfab50f262f1e0f;p=nodejs.git Merge version 22.22.1+dfsg+~cs22.19.15-1+rpi1 and 22.22.2+dfsg+~cs22.19.15-1 to produce 22.22.2+dfsg+~cs22.19.15-1+rpi1 --- 4478435a5ec5248181b5040ffdfab50f262f1e0f diff --cc debian/changelog index 8a5ab1260,65c1b3317..123130144 --- a/debian/changelog +++ b/debian/changelog @@@ -1,11 -1,20 +1,29 @@@ - nodejs (22.22.1+dfsg+~cs22.19.15-1+rpi1) forky-staging; urgency=medium ++nodejs (22.22.2+dfsg+~cs22.19.15-1+rpi1) forky-staging; urgency=medium + + [changes brought forward from 18.10.0+dfsg-6+rpi1 by Peter Michael Green at Tue, 15 Nov 2022 03:51:54 +0000] + * Set --with-arm-version=6 on raspbian. + * Use armv6k CFLAGS on raspbian. + * Disable testsuite. + - -- Raspbian forward porter Fri, 20 Mar 2026 09:25:18 +0000 ++ -- Raspbian forward porter Fri, 03 Apr 2026 10:45:40 +0000 ++ + nodejs (22.22.2+dfsg+~cs22.19.15-1) unstable; urgency=medium + + * New upstream version 22.22.2+dfsg+~cs22.19.15 + * Security fixes: + + CVE-2026-21637: wrap SNICallback invocation in + try/catch (Matteo Collina) - High + + CVE-2026-21710: use null prototype for + headersDistinct/trailersDistinct (Matteo Collina) - High + + CVE-2026-21713: use timing-safe comparison + in Web Cryptography HMAC (Filip Skokan) - Medium + + CVE-2026-21714: handle NGHTTP2_ERR_FLOW_CONTROL + error code (RafaelGSS) - Medium + + CVE-2026-21717: test array index hash collision (Joyee Cheung) - Medium + + CVE-2026-21715: add permission check to realpath.native (RafaelGSS) - Low + + CVE-2026-21716: include permission check on lib/fs/promises (RafaelGSS) - Low + + -- Jérémy Lal Tue, 24 Mar 2026 22:38:48 +0100 nodejs (22.22.1+dfsg+~cs22.19.15-1) unstable; urgency=medium