-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 24 Mar 2026 22:38:48 +0100 Source: nodejs Architecture: source Version: 22.22.2+dfsg+~cs22.19.15-1 Distribution: unstable Urgency: medium Maintainer: Debian Javascript Maintainers <[email protected]> Changed-By: Jérémy Lal <[email protected]> Changes: nodejs (22.22.2+dfsg+~cs22.19.15-1) unstable; urgency=medium . * New upstream version 22.22.2+dfsg+~cs22.19.15 * Security fixes: + CVE-2026-21637: wrap SNICallback invocation in try/catch (Matteo Collina) - High + CVE-2026-21710: use null prototype for headersDistinct/trailersDistinct (Matteo Collina) - High + CVE-2026-21713: use timing-safe comparison in Web Cryptography HMAC (Filip Skokan) - Medium + CVE-2026-21714: handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) - Medium + CVE-2026-21717: test array index hash collision (Joyee Cheung) - Medium + CVE-2026-21715: add permission check to realpath.native (RafaelGSS) - Low + CVE-2026-21716: include permission check on lib/fs/promises (RafaelGSS) - Low Checksums-Sha1: 655d22ca252fa0dc3c5ab256d8728dcb8d74c230 4394 nodejs_22.22.2+dfsg+~cs22.19.15-1.dsc c449e15040a1d2fa196ac7791cc79adc10b7e478 328248 nodejs_22.22.2+dfsg+~cs22.19.15.orig-types-node.tar.xz 1b5116240fc3a1934ae2c87da45a3615e92dbbe9 23112104 nodejs_22.22.2+dfsg+~cs22.19.15.orig.tar.xz fd8180593d210cd0dc6b8f67f9731caa3f9f216f 161440 nodejs_22.22.2+dfsg+~cs22.19.15-1.debian.tar.xz d3cef7e1ff3d6df68b25da8d26a5e3d1103f6331 11436 nodejs_22.22.2+dfsg+~cs22.19.15-1_source.buildinfo Checksums-Sha256: 0c10a002494aadaa12008ea589a614e2b52b8f64454f05540b3a3f3b817d8810 4394 nodejs_22.22.2+dfsg+~cs22.19.15-1.dsc 75f7769499a60c51263b230799465c0dbd370b70c3a09230409e91531612ba9f 328248 nodejs_22.22.2+dfsg+~cs22.19.15.orig-types-node.tar.xz f1a6dfca7ffe7f9f42942274adf9f0a12733977a4744a53f41b20836907c449b 23112104 nodejs_22.22.2+dfsg+~cs22.19.15.orig.tar.xz 41dc00e2720a8d77cf084f905592e39b04044b49bc16297b49845984f52937e6 161440 nodejs_22.22.2+dfsg+~cs22.19.15-1.debian.tar.xz 8d6b375944bb7424b1d1ad15d74fee5bd01e8c167cfa70751a9d13f9b8c30d55 11436 nodejs_22.22.2+dfsg+~cs22.19.15-1_source.buildinfo Files: c4caaca83351e429a9b7bd14eacab15a 4394 javascript optional nodejs_22.22.2+dfsg+~cs22.19.15-1.dsc 92714ab319f7bd8f591644518d1e2fbc 328248 javascript optional nodejs_22.22.2+dfsg+~cs22.19.15.orig-types-node.tar.xz 04b6f1795ac40e763ae0a295c655a0bb 23112104 javascript optional nodejs_22.22.2+dfsg+~cs22.19.15.orig.tar.xz 219501c70f45622f56633a9b91edc83a 161440 javascript optional nodejs_22.22.2+dfsg+~cs22.19.15-1.debian.tar.xz b0361c6f7d5e05b57bdbd15b5ccf87ff 11436 javascript optional nodejs_22.22.2+dfsg+~cs22.19.15-1_source.buildinfo
-----BEGIN PGP SIGNATURE----- iQJGBAEBCAAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAmnD7jsSHGthcG91ZXJA bWVsaXgub3JnAAoJEGYRwF7dOfN0PcYP/1Ej5D4hDr4gUbcOkhqVOuidSUHCYklS RJ+YKDXVHPJ3qN9z+4rEsiDR2BNDcp0QboWEjTG9+IM8epmWlS5NQBElc3AI8Paf o1vp5vMAu/DpggkpyYijEz6DhFCnYAJLMl+DOEZMLFsy85l3RrRiMi/r1bgIH471 AqtWxImngriTb2eBi1IiAYFKAAGyeQfLBOF/W9xsZdciNL76f1FriDyBL0B//plO DTtCyNjwQ867xl6EfNVvVPVN+jDfpyNWEp9WwQoE2cH0fBGpMR9A4+hYXkKFRevE EaZFbZcHzmz+y2JNDDASOYQD8gIn2qyNy+/SCs+CqTEx0HW6ZsU/NDLcQh+4FAzs 45ocTNbPDpflqjHkf5njZxDIgAJf/IDM1qUgbQwGWSv7D/xSAOY0RnPJdW8aZXcE twQeI4QaYcuyC7vzgR2CbSD8saPPwl1mli2dwnNv2Il7EtTGbL8/n5s2VGluIugs zo+C4+nmbNr2yU4jFv2enKm460+MCLPv0CT1s7tTawcE5zsRIBD8Zuv/m2DRbtVo F9KqLt0PlaKkJZNgNVIpGkx6hq4/YnhHvgVtkg+xcG2jG6pIZQhrpeB9hHp09RAQ 98rb+QDq9jDXhXAl5paOqj5QASkTCvfs157KWBOxzU+VBGXzgCjAzociWbMFMJTA jMO2b4yDl2by =y0K6 -----END PGP SIGNATURE-----
pgpG_XQMAmbZU.pgp
Description: PGP signature
