projects / nodejs.git / log
? search:
summary | shortlog | log | commit | commitdiff | tree
first ⋅ prev ⋅ next
nodejs.git
17 months ago[PATCH] Add a CipherString for nodejs
commit | commitdiff | tree
Sebastian Andrzej Siewior [Fri, 23 Sep 2022 20:39:50 +0000 (22:39 +0200)]
[PATCH] Add a CipherString for nodejs

If the default security level is overwritten at build time of openssl
then it is needed to lower it again for nodejs in order to pass the
testsuite because it is using smoil keys.

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Gbp-Pq: Topic build
Gbp-Pq: Name openssl_config_explicit_lower.patch

17 months agonodejs (18.20.4+dfsg-1~deb12u1) bookworm-security; urgency=medium
commit | commitdiff | tree
Jérémy Lal [Tue, 9 Jul 2024 15:36:33 +0000 (17:36 +0200)]
nodejs (18.20.4+dfsg-1~deb12u1) bookworm-security; urgency=medium

  * New upstream version 18.20.4+dfsg. Closes: #1074047.
  * M.U.T.: bump ada to 2.7.8, keep node-types to 18.18.14
    for compatibility with other packages.
  * test-runner-output is flaky on slow platforms
  * Disable test-cluster-primary-* flaky/hanging tests.
  * Fix test failing with openssl 3.0.14. Closes: #1086652.
  * CVE-2024-22020: Bypass network import restriction via data URL (Medium)
  * CVE-2024-36138: Bypass incomplete fix of CVE-2024-27980 (High)
  * CVE-2024-27983: Assertion failed in node::http2::Http2Session::~Http2Session()
    leads to HTTP/2 server crash (High)
  * CVE-2024-27982: HTTP Request Smuggling via Content Length Obfuscation (Medium)
  * CVE-2024-22025: Denial of Service by resource exhaustion in fetch()
    brotli decoding (Medium)
  * CVE-2024-21892: Code injection and privilege escalation
    through Linux capabilities (High)
  * CVE-2024-22019: Reading unprocessed HTTP request with
    unbounded chunk extension allows DoS attacks (High)
  * CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (Medium)
  * Static link on 32bits architecture libuv. Closes: #922075, #1076350.
    Thanks to Bastien Roucariès.

[dgit import unpatched nodejs 18.20.4+dfsg-1~deb12u1]

17 months agoImport nodejs_18.20.4+dfsg.orig.tar.xz
commit | commitdiff | tree
Jérémy Lal [Tue, 9 Jul 2024 15:36:33 +0000 (17:36 +0200)]
Import nodejs_18.20.4+dfsg.orig.tar.xz

[dgit import orig nodejs_18.20.4+dfsg.orig.tar.xz]

17 months agoImport nodejs_18.20.4+dfsg.orig-ada.tar.xz
commit | commitdiff | tree
Jérémy Lal [Tue, 9 Jul 2024 15:36:33 +0000 (17:36 +0200)]
Import nodejs_18.20.4+dfsg.orig-ada.tar.xz

[dgit import orig nodejs_18.20.4+dfsg.orig-ada.tar.xz]

17 months agoImport nodejs_18.20.4+dfsg.orig-types-node.tar.xz
commit | commitdiff | tree
Jérémy Lal [Tue, 9 Jul 2024 15:36:33 +0000 (17:36 +0200)]
Import nodejs_18.20.4+dfsg.orig-types-node.tar.xz

[dgit import orig nodejs_18.20.4+dfsg.orig-types-node.tar.xz]

17 months agoImport nodejs_18.20.4+dfsg-1~deb12u1.debian.tar.xz
commit | commitdiff | tree
Jérémy Lal [Tue, 9 Jul 2024 15:36:33 +0000 (17:36 +0200)]
Import nodejs_18.20.4+dfsg-1~deb12u1.debian.tar.xz

[dgit import tarball nodejs 18.20.4+dfsg-1~deb12u1 nodejs_18.20.4+dfsg-1~deb12u1.debian.tar.xz]

Unnamed repository; edit this file 'description' to name the repository.