summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Jérémy Lal [Tue, 24 Mar 2026 21:11:25 +0000 (22:11 +0100)]
nodejs (20.19.2+dfsg-1+deb13u2) trixie-security; urgency=medium
* Upstream security patches:
+ CVE-2026-21713: use timing-safe comparison in Web Cryptography HMAC
+ CVE-2026-21717: fix array index hash collision
+ CVE-2026-21710: http: use null prototype for headersDistinct/trailersDistinct
+ CVE-2026-21716: include permission check on lib/fs/promises
+ CVE-2026-21715: add permission check to realpath.native
+ CVE-2026-21714: handle NGHTTP2_ERR_FLOW_CONTROL error code
+ CVE-2026-21637: tls wrap SNICallback invocation in try/catch
* copyright: add rapidhash from sec/51 patch
[dgit import unpatched nodejs 20.19.2+dfsg-1+deb13u2]
Jérémy Lal [Tue, 24 Mar 2026 21:11:25 +0000 (22:11 +0100)]
Import nodejs_20.19.2+dfsg-1+deb13u2.debian.tar.xz
[dgit import tarball nodejs 20.19.2+dfsg-1+deb13u2 nodejs_20.19.2+dfsg-1+deb13u2.debian.tar.xz]
Jérémy Lal [Wed, 14 May 2025 21:43:31 +0000 (23:43 +0200)]
Import nodejs_20.19.2+dfsg.orig.tar.xz
[dgit import orig nodejs_20.19.2+dfsg.orig.tar.xz]
Jérémy Lal [Wed, 14 May 2025 21:43:31 +0000 (23:43 +0200)]
Import nodejs_20.19.2+dfsg.orig-ada.tar.xz
[dgit import orig nodejs_20.19.2+dfsg.orig-ada.tar.xz]
Jérémy Lal [Wed, 14 May 2025 21:43:31 +0000 (23:43 +0200)]
Import nodejs_20.19.2+dfsg.orig-types-node.tar.xz
[dgit import orig nodejs_20.19.2+dfsg.orig-types-node.tar.xz]
projects / nodejs.git / log