Your message dated Fri, 29 Aug 2025 22:47:28 +0000
with message-id <[email protected]>
and subject line Bug#1074047: fixed in nodejs 18.20.4+dfsg-1~deb12u1
has caused the Debian Bug report #1074047,
regarding nodejs: update to 18.20.3 on bookworm
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1074047: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074047
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: nodejs
Version: 18.19.0
Tags: bookworm
Multiple security issues have been fixed since 18.19.0. Version 18.20.x also
includes support for import attributes which improves compatibility with
Node.js 22.
--- End Message ---
--- Begin Message ---
Source: nodejs
Source-Version: 18.20.4+dfsg-1~deb12u1
Done: Jérémy Lal <[email protected]>
We believe that the bug you reported is fixed in the latest version of
nodejs, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jérémy Lal <[email protected]> (supplier of updated nodejs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 09 Jul 2024 17:36:33 +0200
Source: nodejs
Binary: libnode-dev libnode108 nodejs nodejs-doc
Architecture: source amd64 all
Version: 18.20.4+dfsg-1~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Javascript Maintainers
<[email protected]>
Changed-By: Jérémy Lal <[email protected]>
Description:
libnode-dev - evented I/O for V8 javascript (development files)
libnode108 - evented I/O for V8 javascript - runtime library
nodejs - evented I/O for V8 javascript - runtime executable
nodejs-doc - API documentation for Node.js, the javascript platform
Closes: 922075 1074047 1076350 1086652
Changes:
nodejs (18.20.4+dfsg-1~deb12u1) bookworm-security; urgency=medium
.
* New upstream version 18.20.4+dfsg. Closes: #1074047.
* M.U.T.: bump ada to 2.7.8, keep node-types to 18.18.14
for compatibility with other packages.
* test-runner-output is flaky on slow platforms
* Disable test-cluster-primary-* flaky/hanging tests.
* Fix test failing with openssl 3.0.14. Closes: #1086652.
* CVE-2024-22020: Bypass network import restriction via data URL (Medium)
* CVE-2024-36138: Bypass incomplete fix of CVE-2024-27980 (High)
* CVE-2024-27983: Assertion failed in
node::http2::Http2Session::~Http2Session()
leads to HTTP/2 server crash (High)
* CVE-2024-27982: HTTP Request Smuggling via Content Length Obfuscation
(Medium)
* CVE-2024-22025: Denial of Service by resource exhaustion in fetch()
brotli decoding (Medium)
* CVE-2024-21892: Code injection and privilege escalation
through Linux capabilities (High)
* CVE-2024-22019: Reading unprocessed HTTP request with
unbounded chunk extension allows DoS attacks (High)
* CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (Medium)
* Static link on 32bits architecture libuv. Closes: #922075, #1076350.
Thanks to Bastien Roucariès.
Checksums-Sha1:
76413b35260e2bb56588e68654d5e54a186a1740 4359 nodejs_18.20.4+dfsg-1~deb12u1.dsc
4e580579ef4a73cf6ab060c74433501f292c18d3 272924
nodejs_18.20.4+dfsg.orig-ada.tar.xz
4cad22f4545483163b468271d06f425b15f1dcf0 267236
nodejs_18.20.4+dfsg.orig-types-node.tar.xz
a0c8b9acf0982e9010edb24542aa83d55e65fbde 29390728
nodejs_18.20.4+dfsg.orig.tar.xz
efebd919d4ae4873bbf9b2e3fe365fbba1574be9 169104
nodejs_18.20.4+dfsg-1~deb12u1.debian.tar.xz
a06f8fb211d32325e7550a6c5726ce90a5d7cc3b 511368
libnode-dev_18.20.4+dfsg-1~deb12u1_amd64.deb
fd519d1ef11df91d34499f8430db078f3b5e680d 10626484
libnode108_18.20.4+dfsg-1~deb12u1_amd64.deb
6de046fe960c3ef0f49bea92ad732a874de4c2b5 3578752
nodejs-doc_18.20.4+dfsg-1~deb12u1_all.deb
39febb2ce2af75dd635aef79d79346bb89cdfbc9 11456
nodejs_18.20.4+dfsg-1~deb12u1_amd64.buildinfo
f9d9f762e7a0c1bc96ab4db0b31c77ce8f14c62e 319312
nodejs_18.20.4+dfsg-1~deb12u1_amd64.deb
Checksums-Sha256:
e872fc45081a436c62539c035c6eefab2abd83e66fa2752ab1a6f4a477857a27 4359
nodejs_18.20.4+dfsg-1~deb12u1.dsc
b58fd8b7ef61255b66d42b66e32e74ccdde61c4e02facd6b5a566618e32e993e 272924
nodejs_18.20.4+dfsg.orig-ada.tar.xz
5bd8293f0adfb7bc744e3071bdbd184fd02f973931396ba816ff61514ecd62a9 267236
nodejs_18.20.4+dfsg.orig-types-node.tar.xz
6ce58062c71eae37d9c5ac31eeaeff9c2d48561d21c2849179d056c9c1bd9ebc 29390728
nodejs_18.20.4+dfsg.orig.tar.xz
bd8b2acac5b28e88c3a452246b9c49de3c59814d33eae46c28173cac6de7a3b7 169104
nodejs_18.20.4+dfsg-1~deb12u1.debian.tar.xz
b88033e2e6ea9d151f43c2f161c29989e09d8cbe6b8b8707b9c8a2bcb53f5674 511368
libnode-dev_18.20.4+dfsg-1~deb12u1_amd64.deb
6b65a9d012a8822964bdc7dd7dc35a277c10e371bf057b30c1e41dfad09d3b64 10626484
libnode108_18.20.4+dfsg-1~deb12u1_amd64.deb
001502044dbbe143c94c680f1b618df94c285c19c467b237f0afa5f5df3fec47 3578752
nodejs-doc_18.20.4+dfsg-1~deb12u1_all.deb
35ca205c33791474e85a12e6ed2cda058d18669b20487e4daefc67ea0ee6d328 11456
nodejs_18.20.4+dfsg-1~deb12u1_amd64.buildinfo
30571c0188b04916112205268ac0b2740f02abac0a4e807b1730ea7df81a650f 319312
nodejs_18.20.4+dfsg-1~deb12u1_amd64.deb
Files:
d7a7712ea0fe9fdf293eed32e7a25ea8 4359 javascript optional
nodejs_18.20.4+dfsg-1~deb12u1.dsc
774dbd4a3931a17737b3c27a7a67d587 272924 javascript optional
nodejs_18.20.4+dfsg.orig-ada.tar.xz
8cabd2aa436c05f698a17368826a8645 267236 javascript optional
nodejs_18.20.4+dfsg.orig-types-node.tar.xz
157a1ca8a7c3ca2465402e0326511581 29390728 javascript optional
nodejs_18.20.4+dfsg.orig.tar.xz
6684db37386ed58a59c99a8756add91a 169104 javascript optional
nodejs_18.20.4+dfsg-1~deb12u1.debian.tar.xz
88989532bbf115aad8ee46e271f522cb 511368 libdevel optional
libnode-dev_18.20.4+dfsg-1~deb12u1_amd64.deb
df9ac0656df9e964ca6f0f29701aefaa 10626484 libs optional
libnode108_18.20.4+dfsg-1~deb12u1_amd64.deb
08e8da385d41c4c314309d40eac83432 3578752 doc optional
nodejs-doc_18.20.4+dfsg-1~deb12u1_all.deb
4c5db4b673a6f4c378fd78537a8c770b 11456 javascript optional
nodejs_18.20.4+dfsg-1~deb12u1_amd64.buildinfo
1e3bafbcaa5373d15fc73826cbe35483 319312 javascript optional
nodejs_18.20.4+dfsg-1~deb12u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCAAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAmirp4MSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0suUQAIFsFTYVeSbUQ6e/MJET2W4mdOPUhg40
ZKqLAzBEkvYc8Qm+lAHfZpeNnG2b3ETf5CInjlKFt7ZV9yTdxVnpZslx1TEAk8r2
uBQzDZRogPJZGgfg7df3BgQ2/labolsSiwLGdtuHS3pbhy1G9cPPjHnSQ8OXM9UX
qE9Gxz6kMXdnHwWPdkJVNiGY819K6r5w4d+YwsEgEVMbMkukoXnGpG2ODI4/Jnjj
Eww8OdKJNgA8smRzUFNW1kAN3a+xeL100FIphQ171Lm+YwxCieVI8rkFq37d1nBd
PYGVx0iBW6fLJq59sHeTV2MpYQFVkRSGpt86UKv/dx/hrl6y6hM2VBmDa/IuMC3F
5XBkp/YlhXAIK0sFE9fHXeHccg0T+bOGhaakHBNskuLTZmj2tT5qr+hGXfcA4fDI
Cw1kpGsxPKxd8NbttCmIH2Rb5Oa7vjcPGpJy752D6CL8Hp2Z8SMLqyetgk2cIecD
19EsYhu9yn9cZr+TG55sIVNS2rqFCidjFJj5Er463jVkIdet6uN9qB0xRu4N1ep0
vZadXt7ghQC4aOc2gDRVMXRrf3n8tJMeh6ZwmixbCYx8jp0NOzZXy36TKb4oTHtr
0LmbJq561xkUFwgIgI6e62g0fhEdRpRToy5jp2Ka8mwi9KqvLTPziBYjMMRrH/MX
zIX9PoGePwkC
=6PZ8
-----END PGP SIGNATURE-----
pgpIztgC9t5ta.pgp
Description: PGP signature
--- End Message ---
