-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 24 Mar 2026 22:11:25 +0100 Source: nodejs Binary: libnode-dev libnode115 libnode115-dbgsym nodejs nodejs-dbgsym Architecture: amd64 Version: 20.19.2+dfsg-1+deb13u2 Distribution: trixie-security Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03) Changed-By: Jérémy Lal Description: libnode-dev - evented I/O for V8 javascript (development files) libnode115 - evented I/O for V8 javascript - runtime library nodejs - evented I/O for V8 javascript - runtime executable Changes: nodejs (20.19.2+dfsg-1+deb13u2) trixie-security; urgency=medium . * Upstream security patches: + CVE-2026-21713: use timing-safe comparison in Web Cryptography HMAC + CVE-2026-21717: fix array index hash collision + CVE-2026-21710: http: use null prototype for headersDistinct/trailersDistinct + CVE-2026-21716: include permission check on lib/fs/promises + CVE-2026-21715: add permission check to realpath.native + CVE-2026-21714: handle NGHTTP2_ERR_FLOW_CONTROL error code + CVE-2026-21637: tls wrap SNICallback invocation in try/catch * copyright: add rapidhash from sec/51 patch Checksums-Sha1: b1035d221c73fd6cbe936e4b9e57060816937e89 536852 libnode-dev_20.19.2+dfsg-1+deb13u2_amd64.deb 52c23242014083ca187ab965edee2d8b6abea20c 1035055372 libnode115-dbgsym_20.19.2+dfsg-1+deb13u2_amd64.deb 3f1d6f1f035b5854e4084898852d75fcdc98066f 12113428 libnode115_20.19.2+dfsg-1+deb13u2_amd64.deb ab78ae83d8b9592bbb873d3d4d607bd8a7501c8c 82556 nodejs-dbgsym_20.19.2+dfsg-1+deb13u2_amd64.deb cca57f539b6d4b4fcda55cfc4f1a8e1144a1086f 10931 nodejs_20.19.2+dfsg-1+deb13u2_amd64-buildd.buildinfo 4ae65f67b809968cd9c70b4b8fadc62ef1d723db 353416 nodejs_20.19.2+dfsg-1+deb13u2_amd64.deb Checksums-Sha256: dbd2bcc3384f7ce727c0b84b803df78d96f84ab77fc4953a0b3afa5fbb124f37 536852 libnode-dev_20.19.2+dfsg-1+deb13u2_amd64.deb 606ccd27306e6e8d36a14461be6866dc8abd7c1afbbf69f8683973701b8bd66f 1035055372 libnode115-dbgsym_20.19.2+dfsg-1+deb13u2_amd64.deb 76e19950d6f79d4a3fcba700573fad26df377169ea3fad6a3cefa2ba6a629911 12113428 libnode115_20.19.2+dfsg-1+deb13u2_amd64.deb 5d2daad10cc9f99be191348a665645ba0d36db587187e8be3472129f1c8c36d1 82556 nodejs-dbgsym_20.19.2+dfsg-1+deb13u2_amd64.deb 9a3cc5c694518299fa3580cc35900f5c0ff22aa88366000a522c0c3173ffc923 10931 nodejs_20.19.2+dfsg-1+deb13u2_amd64-buildd.buildinfo 3e2d151f46ae1f1ab644fa6d11d85e7cf30d9aa182935bc16b99bf9888be8a85 353416 nodejs_20.19.2+dfsg-1+deb13u2_amd64.deb Files: 7f736e7b96bde8c5ad9662662dad1bc1 536852 libdevel optional libnode-dev_20.19.2+dfsg-1+deb13u2_amd64.deb 38f142e8ec824337a38b66192f2c2c6d 1035055372 debug optional libnode115-dbgsym_20.19.2+dfsg-1+deb13u2_amd64.deb 0b5657df2918de8795e25204520bac3a 12113428 libs optional libnode115_20.19.2+dfsg-1+deb13u2_amd64.deb e439f468908b2f042e194ccef8ca1f8f 82556 debug optional nodejs-dbgsym_20.19.2+dfsg-1+deb13u2_amd64.deb 6becace8fbca8e414ac896dd942f6bf2 10931 javascript optional nodejs_20.19.2+dfsg-1+deb13u2_amd64-buildd.buildinfo 66f49784cdcda5623dfa18beaef04fdd 353416 javascript optional nodejs_20.19.2+dfsg-1+deb13u2_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE5ZI1lXv5WjhHIVjsN8Ugyu9dQiQFAmnEUr0ACgkQN8Ugyu9d QiQGFxAAucMsN1dGwdpRNgbXxD9cuoQ41Y/W9js5d7nNXP4Vre8rettHby4o+9Ye +ZfciY9VahePaTdPvIPwcNx7RKliUljM7nLBqqkYLzN1tpqyMWWOnsLFpOYHVaIa URN7spsEQlXxP+9Y9y9kd1uanOXuvdJogQ9bPDGmFq0YeZ59Hl1/dyK7SetqKJJJ vRoLWHX+io+2Rns43OGne1HloorhqXFW3gxOmosuqp1+Nxm6/ahKddcnDAtAgzFP i///JjNR/BwDxs4ny5NiNEHRk3tlAnm3gl7O25BosaoxO77TSZegMmyJjsDkakfj ozywhxjgqefdkG3Mo9jyH+Tb586E6h4P+rIEjxawI9nxWMHJ8mITW9CpOp6IpAXO vL+VdQdm/EUtoyIWcWqJCTrxgk2HXE+iDT2Xxx+UaqzhM3W03jlF977yLYGUEX12 eCxwHirbvD78UrupHB776F7L/xokqevz9c1sC1sDGgi8GiGTZgNjcY+LGBLY/SRG 2JBaTLbIrLKF9s9N4ek47ANL04GgN6UL2YKbxWL/IerYKQgKFhzpeaSs42OS4ikC sX342+TdGZIQY4S+mUSCVSJmYXR2caG6RPS9t60HHtpnhTeZJ8hYAmMYHz0AGFmF hgQlK/wbjEF/JK+UecXQg8YoZuTfEfTHobDWXGSdRM3K7/KRrrY= =gNNB -----END PGP SIGNATURE-----