nodejs (18.19.0+dfsg-6~deb12u1) bookworm-security; urgency=medium
* Upstream update.
* CVE-2023-23918: Permissions policies can be bypassed via
process.mainModule. Closes #1031834.
* CVE-2023-23919: OpenSSL error handling issues in nodejs crypto
library. Closes: #1031834.
* CVE-2023-23920: Insecure loading of ICU data through ICU_DATA
environment variable. Closes: #1031834.
* CVE-2023-30590: DiffieHellman do not generate keys after setting a
private key. Closes: #1039990.
* CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR.
Closes: #1039990.
* CVE-2023-30588: Process interruption due to invalid Public Key information
in x509 certificates. Closes: #1039990.
* CVE-2023-32559: Permissions policies can be bypassed via process.binding.
Closes: #1050739.
* CVE-2023-30581: mainModule.__proto__ bypass experimental policy mechanism.
Closes: #1039990.
* CVE-2023-32002: Permissions policies can be bypassed via Module._load.
Closes: #1050739.
* CVE-2023-32006: Permissions policies can impersonate other modules in
using module.constructor.createRequire(). Closes: #1050739.
* CVE-2023-38552: Integrity checks according to policies can be
circumvented. Closes: #1054892.
* CVE-2023-39333: Code injection via WebAssembly export names.
Closes: #1054892.
[dgit import unpatched nodejs 18.19.0+dfsg-6~deb12u1]