-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5170-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 27, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nodejs CVE ID : CVE-2021-22959 CVE-2021-22960 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 CVE-2021-44531 Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, a bypass of certificate verification or prototype pollution. For the stable distribution (bullseye), these problems have been fixed in version 12.22.12~dfsg-1~deb11u1. We recommend that you upgrade your nodejs packages. For the detailed security status of nodejs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nodejs Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmK5+foACgkQEMKTtsN8 TjbGrg/+PU+oRJ5ARjKwXR1aCdxMvhdzanyaAP7nVeo+iHQwl+13U958e9TpadqX 5gBmmlkWM7vcHHr5Anw6gGptF5L2NTj/Hid4SDFswNLCzqbIm9eIl0FFg2n7ilGD ISZtXEV089UUzCSat1Nk3A7eq3ShESWciFhHkwhejZKzcTJgbzAPFbZSazOfYaXP JREl8OnFg9WWO27gj/zkjHhsG/ZPgJjoGagSfpIuEx3KL/KOiG3eJmJtjS68RVTF D6Zg6P8iFmQLy/PKZycPXEm5Jp5Zrtan4N6yJl3EHFdjcJTJSmCZy0HlLL97eRle kVQI5/KgH9Ev1VYPycOg+cPPaBDLpoFO7OtzhZLmq4/IUsEKHOMeNTKZQWYXjDzl nLANjnHGt7pfw2poXRgblzSikJHiAurJRGarP4k0ebGyy8B6nKrQUlgDI0u4y48z JiqsP95mwCvwFlrjxSTjG5R7AsEuszytqejyxeg5qqkkQKSONsLj02Eav+QqInUS D9dHEl4eoBx529Fu3ZWBfTxe4avxFm/HDw2FJDxz0ciP7S/H0+5TyFwym3tmQpY8 pXD49bVCoE5my4JeDEhpZp1YrsQFTv3RUqqLp3T1uUlsdON4Jz3RP4WX4dzIRte+ fJO6fg+26+h7VykuyWSKYYEyFy1dDmGypc93KfNMrU75BztQpsI= =ELbx -----END PGP SIGNATURE-----