- nodejs (20.19.2+dfsg-1+rpi1+deb13u1) trixie-staging; urgency=medium
++nodejs (20.19.2+dfsg-1+rpi1+deb13u2) trixie-staging; urgency=medium
+
+ [changes brought forward from 18.10.0+dfsg-6+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Tue, 15 Nov 2022 03:51:54 +0000]
+ * Set --with-arm-version=6 on raspbian.
+ * Use armv6k CFLAGS on raspbian.
+ * Disable testsuite.
+
- -- Raspbian forward porter <root@raspbian.org> Thu, 19 Mar 2026 14:04:43 +0000
++ -- Raspbian forward porter <root@raspbian.org> Mon, 30 Mar 2026 11:02:46 +0000
++
+ nodejs (20.19.2+dfsg-1+deb13u2) trixie-security; urgency=medium
+
+ * Upstream security patches:
+ + CVE-2026-21713: use timing-safe comparison in Web Cryptography HMAC
+ + CVE-2026-21717: fix array index hash collision
+ + CVE-2026-21710: http: use null prototype for headersDistinct/trailersDistinct
+ + CVE-2026-21716: include permission check on lib/fs/promises
+ + CVE-2026-21715: add permission check to realpath.native
+ + CVE-2026-21714: handle NGHTTP2_ERR_FLOW_CONTROL error code
+ + CVE-2026-21637: tls wrap SNICallback invocation in try/catch
+ * copyright: add rapidhash from sec/51 patch
+
+ -- Jérémy Lal <kapouer@melix.org> Tue, 24 Mar 2026 22:11:25 +0100
nodejs (20.19.2+dfsg-1+deb13u1) trixie-security; urgency=medium
projects / nodejs.git / commitdiff