-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 24 Mar 2026 22:11:25 +0100 Source: nodejs Binary: libnode-dev libnode115 libnode115-dbgsym nodejs nodejs-dbgsym Architecture: i386 Version: 20.19.2+dfsg-1+deb13u2 Distribution: trixie-security Urgency: medium Maintainer: i386 Build Daemon (x86-grnet-01) Changed-By: Jérémy Lal Description: libnode-dev - evented I/O for V8 javascript (development files) libnode115 - evented I/O for V8 javascript - runtime library nodejs - evented I/O for V8 javascript - runtime executable Changes: nodejs (20.19.2+dfsg-1+deb13u2) trixie-security; urgency=medium . * Upstream security patches: + CVE-2026-21713: use timing-safe comparison in Web Cryptography HMAC + CVE-2026-21717: fix array index hash collision + CVE-2026-21710: http: use null prototype for headersDistinct/trailersDistinct + CVE-2026-21716: include permission check on lib/fs/promises + CVE-2026-21715: add permission check to realpath.native + CVE-2026-21714: handle NGHTTP2_ERR_FLOW_CONTROL error code + CVE-2026-21637: tls wrap SNICallback invocation in try/catch * copyright: add rapidhash from sec/51 patch Checksums-Sha1: d0cefaa24266b5c9da865933bd5b977652e9e029 562292 libnode-dev_20.19.2+dfsg-1+deb13u2_i386.deb aef30b5c812536dc91e3eb14dfde7f1731a659ee 40405784 libnode115-dbgsym_20.19.2+dfsg-1+deb13u2_i386.deb 9ad81a39e248efa5c79bb56d0e40f52e3df79f6d 12211708 libnode115_20.19.2+dfsg-1+deb13u2_i386.deb 2e748f11f3b47cb1d7d3d8c9b1219645af38d06e 2980 nodejs-dbgsym_20.19.2+dfsg-1+deb13u2_i386.deb ce13b8c4a3ae3794083e356666e53aa6adb67d6e 10857 nodejs_20.19.2+dfsg-1+deb13u2_i386-buildd.buildinfo 138130e60091e354cad0217cd0c65a0489997087 353464 nodejs_20.19.2+dfsg-1+deb13u2_i386.deb Checksums-Sha256: 734808f51d8b7ea77d14a60c9620d6276ab1690727e67c12cff16cb45a0ba2ee 562292 libnode-dev_20.19.2+dfsg-1+deb13u2_i386.deb 84983b6ca2b78aac6714a7352a503e29659b0a9d9078b54efe79cd0b85738ee3 40405784 libnode115-dbgsym_20.19.2+dfsg-1+deb13u2_i386.deb 0d0cc3766810429de6bd3a4284c92bca5d49dc9fe20e284c9a6d1eb91fe65a90 12211708 libnode115_20.19.2+dfsg-1+deb13u2_i386.deb 28b026d0d661de21fbea157db888c39799c20cb9ca8adfb0f9e772d32015bf9a 2980 nodejs-dbgsym_20.19.2+dfsg-1+deb13u2_i386.deb 5a3b71400f8172681054d2bd27dab692980a54539f5338aa7e80e98ef048724c 10857 nodejs_20.19.2+dfsg-1+deb13u2_i386-buildd.buildinfo 0d496a2899149a39359697f3572f576c1bca486c4ddec16f7d4762779c017a92 353464 nodejs_20.19.2+dfsg-1+deb13u2_i386.deb Files: 9534a4e5c7e1aa601c30a1c9b00a6b85 562292 libdevel optional libnode-dev_20.19.2+dfsg-1+deb13u2_i386.deb 832cb6728ffe4a3d623dafdedcec20ee 40405784 debug optional libnode115-dbgsym_20.19.2+dfsg-1+deb13u2_i386.deb e699ffc31acd3bc1070b471ca82cfdec 12211708 libs optional libnode115_20.19.2+dfsg-1+deb13u2_i386.deb 861b01d11768d72a2dec957913dc10b5 2980 debug optional nodejs-dbgsym_20.19.2+dfsg-1+deb13u2_i386.deb 13a2e7c8367b599d56d1d4039649db6d 10857 javascript optional nodejs_20.19.2+dfsg-1+deb13u2_i386-buildd.buildinfo 9e6fbedad3f71f5db57b442e2051d245 353464 javascript optional nodejs_20.19.2+dfsg-1+deb13u2_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEPAUaMA0H0rOy6qBWf2INRiCdaWIFAmnElH4ACgkQf2INRiCd aWIlVw//SUSND0T75F7uliHF85reY+H7CwlUZAqqxHO4izyhro0S3FrLnauBrwbL xfZYaDQpLimdXgpYzlkIMXGNHUdkTsbteWvTzQFkqpx3PLH/xZCV6cq20Knuc+5Q gDQG8ZO7o86yoTOkpNt+dLghoglov/REuQGC2KXJ/fl/E/T0VICQarR8avGgWwRu QPf/AfkMsITUfhlK6ur4VucAgrLtra9r0hFsYyfcIezXhRFpwSXCzRVm28IaWewC PE7Cbv3NwLuSGP9ZI/d0ih3UNRhsSAakujdhj87JO4gQo36MJWdNajP0Hin738PU Q+Qk47OLeKHwkgbp009Svm2Lped1S7QluN++J0BxQnYjREYOBvcdMMUNXKesGe6E IQ6fTdI8/foqjy97WlaC3rMrcK9oAF4WalWVUnFxIkw8wkiMV05CtWw+Py2YZBjH VzEVutyAjdMPBcXbNTLM4Liw0DNGwoqE8YCm7tk5KLNUjmivD8UYTCVWz+Al/Xef e6oUj6abz5csP/9Wi+znCrLUx/BVrpltoni67HukAm/RG0FbkvpNiRQNxdyVOXev RwmLiLv7KlR5qGYkXND+XDJlP8UC6RbW2fLRaRFtwmZYa1YlZU0FKbNDhtfQOPx0 Y0aIEqfP3EMs3ow2tLbpe+WkDpcp52XPIqkYNbt9shF4cQq2uYs= =Nekv -----END PGP SIGNATURE-----