-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 27 Apr 2025 16:52:32 +0200
Source: nodejs
Architecture: source
Version: 12.22.12~dfsg-1~deb11u7
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@alioth-lists.debian.net>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 922075 1076350
Changes:
nodejs (12.22.12~dfsg-1~deb11u7) bullseye-security; urgency=medium
.
* Static link libuv on 32bits architecture. Closes: #922075, #1076350
Fix CVE-2025-47153:
Certain build processes for libuv and Node.js for 32-bit systems
have an inconsistent off_t size (e.g., building on i386 Debian always
uses _FILE_OFFSET_BITS=64 for the libuv dynamic library,
but uses the _FILE_OFFSET_BITS global system default of 32 for nodejs),
leading to out-of-bounds access
Checksums-Sha1:
0e5a10841f0b06dc7ee08d34cfb540a002209f08 3480 nodejs_12.22.12~dfsg-1~deb11u7.dsc
1fef218bb8d9f06059919565b50cc122dc10cebb 87112 nodejs_12.22.12~dfsg.orig-types-node.tar.xz
502cfe0a9691d3974ca79e9f82aa4eed6eb24380 19005908 nodejs_12.22.12~dfsg.orig.tar.xz
8c196139630eb56d3f66db19c92f4e9ef259c27e 178824 nodejs_12.22.12~dfsg-1~deb11u7.debian.tar.xz
578eeb591c12ab6cfbbdabbe308f394c376a1310 11090 nodejs_12.22.12~dfsg-1~deb11u7_i386.buildinfo
Checksums-Sha256:
f6fff82032a9870cadf5e33c7beeb10af555dc1f4a9cce92fd81ecaed39de6ff 3480 nodejs_12.22.12~dfsg-1~deb11u7.dsc
e640dd32d922eed23cd5dabf56600cfd335ea5ce3c756dc96024adebf94555f8 87112 nodejs_12.22.12~dfsg.orig-types-node.tar.xz
06f8eb29e52d5eb720c4ae2316b3c1b71efb12aa73bf27138f1cc776a7315aff 19005908 nodejs_12.22.12~dfsg.orig.tar.xz
b3a8d22c6664960d9b645399707cf09100ef4a6dfb15bde2ac794fa22e5fc299 178824 nodejs_12.22.12~dfsg-1~deb11u7.debian.tar.xz
af329aadbbe774938d747758ef254bf3262f0b126ad4996ce12a0ab9aac9d85e 11090 nodejs_12.22.12~dfsg-1~deb11u7_i386.buildinfo
Files:
8325bead0a2e8795899e6d8ac785b2b4 3480 javascript optional nodejs_12.22.12~dfsg-1~deb11u7.dsc
b3dc69de461763b2918b81ef426fe0ff 87112 javascript optional nodejs_12.22.12~dfsg.orig-types-node.tar.xz
effb4e471c3cf4c7184d357a38985c56 19005908 javascript optional nodejs_12.22.12~dfsg.orig.tar.xz
6af870aafa4a190ce04e85b58580795e 178824 javascript optional nodejs_12.22.12~dfsg-1~deb11u7.debian.tar.xz
b395eda56e9a4492ad7cb8b199524260 11090 javascript optional nodejs_12.22.12~dfsg-1~deb11u7_i386.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmgTwqAACgkQADoaLapB
CF/KRRAAsGyRUcTk49S5nubwqhEdyicNOd88zJ9lUGT+jadCEAbhoQDTqOl3ofNR
u4MV/bPlsyRytSDEE4C16cjCrKUMubi5K2YleF52YNeCHdLJroVMsz6gvLhT9CCN
SKdVp7jXJzKyCg1NC3A7YCsljeDPS8BiYyHbmv18gKi/oTC0HS2LEA9tqgEtrHoK
GeUEV+EhEcR56CnkeNxB7aHlJ/FCDpZZOBHUcT7SUxqmIa86LlCX5jlG5zqBm2VS
YWbMgmhLK6aZaJIOAhhWJWU76LzCxJrIZJpsGI8Uerrfz45kZWK5qi6NHNiKAJay
PRORlhY6lIRWYlBxLAQRloxcvHyW/ypUNtHBeXYmWl6U5Zp5e72WHQGTaqxB5Sju
m82e/1nE0wjb1WJNWm1sF/NpxebPe3kfq+KZo7YlCXmJsKz2aJ3RLAR/XEV2CnwY
OuosgDPGguIlQPL+tbDoW8RVY/2PhYTZkgKaFLqhj0jcLiUOGu6MMiQe1cUn7a7h
IMPntmHH/SWfq9Dby04aWlYCdOwJHT1rVPKzo1KL13opP/POLPOSWhYAsxHtLsf5
SA3MY9vLw/eGqvpu5OKh4ez50MlURotrR0NC4FPF/lOW2YXHQJrBy7WaNBbJZc8G
jQwhUfHtLnR9XrRfPLP9tjDKkno1eqohTdEndGRR63f0u0v05UU=
=mvnj
-----END PGP SIGNATURE-----
Attachment:
pgpED2zr6vcl5.pgp
Description: PGP signature