[ubuntu/oracular-proposed] nodejs 20.15.1+dfsg-1ubuntu1 (Accepted)

Gianfranco Costamagna locutusofborg at debian.org
Wed Jul 10 06:11:22 UTC 2024 

nodejs (20.15.1+dfsg-1ubuntu1) oracular; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Use Ubuntu openssl patch and approach, the Debian one
      makes testsuite fail.
    - Drop the python3-distutils dependency
    - fix strace openat autopkgtest
    - Add tzdata-icu and strace to test

nodejs (20.15.1+dfsg-1) unstable; urgency=medium

  * New upstream version 20.15.1+dfsg
  * Fix watch file to ensure ada 2.7.8
  * CVE-2024-36138: Bypass incomplete fix of CVE-2024-27980 (High)
  * CVE-2024-22020: Bypass network import restriction via data URL (Medium)
  * CVE-2024-22018: fs.lstat bypasses permission model (Low)
  * CVE-2024-36137: fs.fchown/fchmod bypasses permission model (Low)
  * CVE-2024-37372: Permission model improperly processes UNC paths (Low)
  * Add another failing test to loong64/mips64el

Date: Wed, 10 Jul 2024 08:06:47 +0200
Changed-By: Gianfranco Costamagna <locutusofborg at debian.org>
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel at alioth-lists.debian.net>
https://launchpad.net/ubuntu/+source/nodejs/20.15.1+dfsg-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 10 Jul 2024 08:06:47 +0200
Source: nodejs
Built-For-Profiles: noudeb
Architecture: source
Version: 20.15.1+dfsg-1ubuntu1
Distribution: oracular
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel at alioth-lists.debian.net>
Changed-By: Gianfranco Costamagna <locutusofborg at debian.org>
Changes:
 nodejs (20.15.1+dfsg-1ubuntu1) oracular; urgency=low
 .
   * Merge from Debian unstable. Remaining changes:
     - Use Ubuntu openssl patch and approach, the Debian one
       makes testsuite fail.
     - Drop the python3-distutils dependency
     - fix strace openat autopkgtest
     - Add tzdata-icu and strace to test
 .
 nodejs (20.15.1+dfsg-1) unstable; urgency=medium
 .
   * New upstream version 20.15.1+dfsg
   * Fix watch file to ensure ada 2.7.8
   * CVE-2024-36138: Bypass incomplete fix of CVE-2024-27980 (High)
   * CVE-2024-22020: Bypass network import restriction via data URL (Medium)
   * CVE-2024-22018: fs.lstat bypasses permission model (Low)
   * CVE-2024-36137: fs.fchown/fchmod bypasses permission model (Low)
   * CVE-2024-37372: Permission model improperly processes UNC paths (Low)
   * Add another failing test to loong64/mips64el
Checksums-Sha1:
 3a44c7b61a0cc7b1026146a62ec8cf83f40589e3 4165 nodejs_20.15.1+dfsg-1ubuntu1.dsc
 4e580579ef4a73cf6ab060c74433501f292c18d3 272924 nodejs_20.15.1+dfsg.orig-ada.tar.xz
 220378cb9cffb6eb6856da23c63f2c94bdf1146c 293320 nodejs_20.15.1+dfsg.orig-types-node.tar.xz
 8bf171cece56133d857ad5eda7072e4bf9aa5246 30095988 nodejs_20.15.1+dfsg.orig.tar.xz
 37495332221ee318f9b16ef09ca5be6797e0a285 167200 nodejs_20.15.1+dfsg-1ubuntu1.debian.tar.xz
 9e829bf59837a4eef8a486093e280b7bea1b30bc 11587 nodejs_20.15.1+dfsg-1ubuntu1_source.buildinfo
Checksums-Sha256:
 31e39770c695be6308f8f0525cb25045125d84f87b0e44843071be8182705618 4165 nodejs_20.15.1+dfsg-1ubuntu1.dsc
 b58fd8b7ef61255b66d42b66e32e74ccdde61c4e02facd6b5a566618e32e993e 272924 nodejs_20.15.1+dfsg.orig-ada.tar.xz
 b961352cb912d7bfcb2ac858bcc1a4441f081db71acba2f0b6d26ab7c22c8074 293320 nodejs_20.15.1+dfsg.orig-types-node.tar.xz
 45b5a7cbaf187588ea0fdc90f2cc8477df5225eb453f587a65e747522a801381 30095988 nodejs_20.15.1+dfsg.orig.tar.xz
 ec8c896a8d1a9d5f7b96f07f0324be8539ebd8aa48f2f666aa04688ae6029f1c 167200 nodejs_20.15.1+dfsg-1ubuntu1.debian.tar.xz
 95b9e448d1a0ce367b9db925532c46c76c5b13e85a278c9d0e183e6eb6358c3c 11587 nodejs_20.15.1+dfsg-1ubuntu1_source.buildinfo
Files:
 faa8d2042ca4954b20e25ee9aed2fbf6 4165 javascript optional nodejs_20.15.1+dfsg-1ubuntu1.dsc
 774dbd4a3931a17737b3c27a7a67d587 272924 javascript optional nodejs_20.15.1+dfsg.orig-ada.tar.xz
 bb667f6fe9d5e8f6f62213ea19d46cc9 293320 javascript optional nodejs_20.15.1+dfsg.orig-types-node.tar.xz
 3a3c01f849f9a9bff69d9bef0f207e5d 30095988 javascript optional nodejs_20.15.1+dfsg.orig.tar.xz
 563b6abe0749a4ee720e58ecf1583863 167200 javascript optional nodejs_20.15.1+dfsg-1ubuntu1.debian.tar.xz
 18ef8523b0924b90551981744f2ef365 11587 javascript optional nodejs_20.15.1+dfsg-1ubuntu1_source.buildinfo

More information about the oracular-changes mailing list