nodejs (12.22.9~dfsg-1ubuntu3.6) jammy-security; urgency=medium

  * SECURITY UPDATE: Bypass the Policy Mechanism
    - debian/patches/CVE-2023-32002.patch: fixed a policy mechanism bypass
      in `Module._load` (CVE-2023-32002) and one in
      `constructor.createRequire` (CVE-2023-32006)
    - debian/patches/CVE-2023-32559.patch: fixed a privilege escalation in
      process.binding
    - CVE-2023-32002
    - CVE-2023-32006
    - CVE-2023-32559

 -- Amir Naseredini <amir.naseredini@canonical.com>  Fri, 07 Jun 2024 16:17:56 +0100

nodejs (12.22.9~dfsg-1ubuntu3.5) jammy-security; urgency=medium

  * SECURITY UPDATE: Incorrect Documentation for Diffie-Hellman APIs
    - debian/patches/CVE-2023-30590.patch: fixed the inconsistency between
      the documents and the function of Diffie-Hellman APIs
    - CVE-2023-30590

 -- Amir Naseredini <amir.naseredini@canonical.com>  Wed, 03 Apr 2024 09:09:24 +0100

nodejs (12.22.9~dfsg-1ubuntu3.4) jammy-security; urgency=medium

  * SECURITY UPDATE: Privilege Escalation
    - debian/patches/CVE-2023-23920.patch: added `ICU_NO_USER_DATA_OVERRIDE`
      to fix an issue with insecure loading of ICU data
    - CVE-2023-23920
  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2023-2650.patch: fixed an issue in openssl in nodejs
    - CVE-2023-2650

 -- Amir Naseredini <amir.naseredini@canonical.com>  Wed, 21 Feb 2024 18:32:20 +0000

nodejs (12.22.9~dfsg-1ubuntu3.3) jammy-security; urgency=medium

  * SECURITY UPDATE: Obtain Sensitive Information
    - debian/patches/CVE-2022-4304.patch: fixed a timing based side channel
      in the OpenSSL RSA Decryption implementation
    - debian/patches/CVE-2023-0286.patch: fixed a type confusion
      vulnerability in GENERAL_NAME_cmp function
    - CVE-2022-4304
    - CVE-2023-0286
  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2022-4450.patch: fixed an issue that will result in
      a crash in PEM_read_bio_ex function
    - debian/patches/CVE-2023-0215.patch: fixed a use-after-free issue in
      BIO_new_NDEF function
    - debian/patches/CVE-2023-0401.patch: fixed a NULL pointer dereference
      in PKCS7
    - CVE-2022-4450
    - CVE-2023-0215
    - CVE-2023-0401

 -- Amir Naseredini <amir.naseredini@canonical.com>  Tue, 12 Dec 2023 18:34:04 +0000

nodejs (12.22.9~dfsg-1ubuntu3.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Arbitrary Code Execution
    - debian/patches/CVE-2022-32212-1.patch: fixed IPv4 validation in
      inspector_socket
    - debian/patches/CVE-2022-32212-2.patch: fixed IPv4 non routable
      validation
    - debian/patches/CVE-2022-32213-1.patch: add common.mustSucceed for the
      -2 patch
    - debian/patches/CVE-2022-32213-2.patch: stricter Transfer-Encoding and
      header separator parsing. Also fixes CVE-2022-32214 and
      CVE-2022-32215
    - debian/patches/CVE-2022-32213-3.patch: disabled chunked encoding when
      OBS fold is used. Also fixes CVE-2022-35256.
    - debian/patches/CVE-2022-43548.patch: harden IP address validation
      again
    - CVE-2022-32212
    - CVE-2022-32213
    - CVE-2022-32214
    - CVE-2022-32215
    - CVE-2022-35256
    - CVE-2022-43548

 -- Amir Naseredini <amir.naseredini@canonical.com>  Wed, 15 Nov 2023 15:29:18 +0000

nodejs (12.22.9~dfsg-1ubuntu3.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Remote Code Execution
    - debian/patches/CVE-2022-1292.patch: fixed a remote code execution in
      openssl in nodejs
    - debian/patches/CVE-2022-2068.patch: fixed an arbitrary code execution
      in openssl in nodejs
    - debian/patches/CVE-2022-2097.patch: fixed a memory corruption in
      openssl in nodejs
    - CVE-2022-1292
    - CVE-2022-2068
    - CVE-2022-2097
  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2022-0778.patch: fixed an infinite loop in
      BN_mod_sqrt module
    - CVE-2022-0778

 -- Amir Naseredini <amir.naseredini@canonical.com>  Thu, 26 Oct 2023 18:23:45 +0100

nodejs (12.22.9~dfsg-1ubuntu3) jammy; urgency=medium

  * No-change rebuild for icu soname change.

 -- Matthias Klose <doko@ubuntu.com>  Wed, 09 Feb 2022 05:41:38 +0100

nodejs (12.22.9~dfsg-1ubuntu2) jammy; urgency=medium

  * Cherry-pick Python 3.10 upstream fixes:
    - debian/patches/24c403cfaf8bdbcd8b19037531c8998709d2b949.patch:
    - debian/patches/e548e053a2fda35f38272fb023f543e52ae77566.patch:

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Mon, 31 Jan 2022 23:17:20 +0100

nodejs (12.22.9~dfsg-1ubuntu1) jammy; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Ubuntu is switching to openssl v3, however nodejs v12 must remain on
      openssl v1.1.1 abi. Thus switch from using shared system openssl to
      the vendored one.
    - debian/patches/test-lowerseclevel.patch: lower SECLEVEL in the
      openssl.cnf used for testing
    - Cherry-pick upstream 7232c2a1604d241ce0455d919ba9b0b8e9959f81 to fix a
      build failure with new glibc

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Mon, 31 Jan 2022 22:57:08 +0100

nodejs (12.22.9~dfsg-1) unstable; urgency=medium

  [ Yadd ]
  * Team upload
  * Add fix for node-js-yaml ≥ 4
  * Clean unneeded versioned dependency constraints

  [ Jérémy Lal ]
  * New upstream version 12.22.9~dfsg
  * Fix make-doc patch for marked 4
  * Depends on libuv >= 1.38.0
  * Apply js-yaml compatibility before make-doc patch

 -- Jérémy Lal <kapouer@melix.org>  Thu, 27 Jan 2022 13:42:36 +0100

# For older changelog entries, run 'apt-get changelog nodejs-doc'