Merge version 20.19.2+dfsg-1+rpi1 and 20.19.2+dfsg-1+deb13u1 to produce 20.19.2+dfsg...

diff --cc debian/changelog
index 1ff99699a880cc243276ad2c82561014d44797f1,df77718949981a1beb66b8a44ca27e6e7951b500..36ebd08be4afb7d5b79c098bc0f9adb4745e97e0
--- 1/debian/changelog
--- 2/debian/changelog
+++ b/debian/changelog
@@@ -1,11 -1,33 +1,42 @@@
- nodejs (20.19.2+dfsg-1+rpi1) trixie-staging; urgency=medium
++nodejs (20.19.2+dfsg-1+rpi1+deb13u1) trixie-staging; urgency=medium
 +
 +  [changes brought forward from 18.10.0+dfsg-6+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Tue, 15 Nov 2022 03:51:54 +0000]
 +  * Set --with-arm-version=6 on raspbian.
 +  * Use armv6k CFLAGS on raspbian.
 +  * Disable testsuite.
 +
-  -- Raspbian forward porter <root@raspbian.org>  Fri, 06 Jun 2025 06:09:46 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Thu, 19 Mar 2026 14:04:43 +0000
++
+ nodejs (20.19.2+dfsg-1+deb13u1) trixie-security; urgency=medium
+ 
+   * Upstream security patches:
+     + CVE-2025-23085: follow-up fix wrong check for NGHTTP2_GOAWAY
+     + CVE-2026-21637: TLS error handling allows remote attackers to
+       crash or exhaust resources of a TLS server when `pskCallback`
+       or `ALPNCallback` are in use.
+     + CVE-2025-59465: malformed `HTTP/2 HEADERS` frame with oversized
+       invalid `HPACK` data can cause a crash.
+     + CVE-2025-55132: permission model allows a file's access and
+       modification timestamps to be changed via `futimes()` even when
+       the process has only read permissions.
+     + CVE-2025-55130: permissions model allows attackers to bypass
+       `--allow-fs-read` and `--allow-fs-write` restrictions using
+       crafted relative symlink paths.
+     + CVE-2025-59466: "Maximum call stack size exceeded" errors become
+       uncatchable when `async_hooks.createHook()` is enabled.
+     + CVE-2025-55131: buffer allocation logic can expose uninitialized
+       memory when allocations are interrupted, when using the `vm` module
+       with the timeout option.
+   * Upstream critical fixes (see sec/NN patches)
+     + zlib: fix pointer alignment (10)
+     + os: fix GetInterfaceAddresses memory leak (15)
+     + src: fix possible dereference of null pointers (17, 29)
+     + v8: fix missing callback in heap utils destroy (19)
+     + v8: loong64 - avoid memory access under stack pointer (27)
+     + http2: do not crash on mismatched ping buffer length (28)
+     + v8: riscv64 - Fix sp handling in MacroAssembler::LeaveFrame (44)
+ 
+  -- Jérémy Lal <kapouer@melix.org>  Thu, 05 Mar 2026 11:05:11 +0100
  
  nodejs (20.19.2+dfsg-1) unstable; urgency=medium