
Re: Node



On Thu, Aug 28, 2025 at 09:38:51PM +0200, Jérémy Lal wrote:
> On Tue, 26 Aug 2025 at 18:29, Moritz Mühlenhoff <jmm@inutil.org> wrote:
> 
> > On Fri, Aug 22, 2025 at 09:32:09PM +0200, Jérémy Lal wrote:
> > > Hi,
> > >
> > > d/changelog below for the package changes.
> > >
> > > The libuv-related changes:
> > > - rebundle libuv (that has been excluded from tarball for simplicity)
> > > - rebuild/static link libuv on i386 only
> > >
> > > For context:
> > > I spent time trying to fix all potential breakage due to that update,
> > > before applying for a t-p-u.
> > > Some packages were still ftbfs, but unrelated to nodejs.
> > >
> > > For greater context:
> > > Many issues came from @node/types being silently upgraded, as part of the
> > > MUT of nodejs.
> > > This is something we are going to get better at.
> >
> > Hi Jérémy,
> > The autopkgtests for bookworm-security failed for three rdeps on
> > Bookworm, could you have a look at these? Some might have been
> > failing before as well given that on Bookworm autopkgtest coverage
> > is generally rather limited.

DSA has been released, thanks for clearing out the several test failures
over time!

I actually only noticed earlier in the day that there were still 18.x releases
up to 18.20.8, so when we do the next update for bookworm we might just as
well base it on that last 18.20.x release.

There are two remaining security issues affecting Bookworm:
CVE-2025-23085 / #1094134 (fixed in 18.20.6)
CVE-2025-23166 / #1105832 (wasn't fixed in 18.x any more)

I'll mark them as <postponed>, we can piggyback them on the next security
update round for Bookworm.

Cheers,
        Moritz

