- nodejs (22.22.1+dfsg+~cs22.19.15-1+rpi1) forky-staging; urgency=medium
++nodejs (22.22.2+dfsg+~cs22.19.15-1+rpi1) forky-staging; urgency=medium
+
+ [changes brought forward from 18.10.0+dfsg-6+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Tue, 15 Nov 2022 03:51:54 +0000]
+ * Set --with-arm-version=6 on raspbian.
+ * Use armv6k CFLAGS on raspbian.
+ * Disable testsuite.
+
- -- Raspbian forward porter <root@raspbian.org> Fri, 20 Mar 2026 09:25:18 +0000
++ -- Raspbian forward porter <root@raspbian.org> Fri, 03 Apr 2026 10:45:40 +0000
++
+ nodejs (22.22.2+dfsg+~cs22.19.15-1) unstable; urgency=medium
+
+ * New upstream version 22.22.2+dfsg+~cs22.19.15
+ * Security fixes:
+ + CVE-2026-21637: wrap SNICallback invocation in
+ try/catch (Matteo Collina) - High
+ + CVE-2026-21710: use null prototype for
+ headersDistinct/trailersDistinct (Matteo Collina) - High
+ + CVE-2026-21713: use timing-safe comparison
+ in Web Cryptography HMAC (Filip Skokan) - Medium
+ + CVE-2026-21714: handle NGHTTP2_ERR_FLOW_CONTROL
+ error code (RafaelGSS) - Medium
+ + CVE-2026-21717: test array index hash collision (Joyee Cheung) - Medium
+ + CVE-2026-21715: add permission check to realpath.native (RafaelGSS) - Low
+ + CVE-2026-21716: include permission check on lib/fs/promises (RafaelGSS) - Low
+
+ -- Jérémy Lal <kapouer@melix.org> Tue, 24 Mar 2026 22:38:48 +0100
nodejs (22.22.1+dfsg+~cs22.19.15-1) unstable; urgency=medium
projects / nodejs.git / commitdiff