Advisory: CLSA-2025:1764177376
OS: Debian 10
Public date: 2025-11-26 17:16:18.586756
Project: nodejs
Version: 12.22.12-5
Errata link: https://errata.tuxcare.com/els_alt_nodejs/debian10/CLSA-2025-1764177376.html
* update version, add patches and logs for debian
* SECURITY UPDATE: Node.js vulnerabilities
  - debian/patches/CVE-2023-30589.patch: fix llhttp parser to properly
    validate LF after CR in HTTP header fields, add lenient flag checks
    before allowing CR without LF, add test file to verify the fix
    prevents request smuggling attacks
  - CVE-2023-30589
  - debian/patches/CVE-2023-32559.patch: disable process.binding() when
    policy is enabled; update deprecations and errors docs and add new
    tests ensuring denial behavior
  - CVE-2023-32559
  - debian/patches/CVE-2023-30590.patch: update documentation and add
    tests clarifying DH generateKeys behavior
  - CVE-2023-30590
  - debian/patches/CVE-2023-23918.patch: prevent
    process.mainModule.require() policy bypass
  - CVE-2023-23918
  - debian/patches/CVE-2023-32002-32006.patch: fix policy bypass
    vulnerabilities in experimental policy mechanism:
    * CVE-2023-32002: prevent Module.constructor._load() bypass by adding
      constructor property protection
    * CVE-2023-32006: prevent require.main.constructor and
      require.extensions bypass by implementing secure module loading
      validation
  - CVE-2023-32002, CVE-2023-32006
  - debian/patches/CVE-2024-25629.patch: fix ares__read_line() function
    to prevent out-of-bounds read when parsing configuration files with
    embedded NULL characters
  - CVE-2024-25629
  - debian/patches/CVE-2024-28863.patch: prevent extraction in
    excessively deep sub-folders to address unlimited sub-folders
    vulnerability
  - CVE-2024-28863
  - debian/patches/CVE-2025-23085.patch: fix HTTP/2 memory leak on
    premature socket close or invalid header (ERR_PROTO)
  - CVE-2025-23085
  - debian/patches/CVE-2024-27983.patch: close HTTP/2 streams during
    session destruction to prevent memory leak and DoS
  - CVE-2024-27983
Update command:
  apt-get update
  apt-get --only-upgrade install alt-nodejs*
alt-nodejs12-docs_12.22.12-5_amd64.deb
alt-nodejs12-nodejs_12.22.12-5_amd64.deb
alt-nodejs12-nodejs-devel_12.22.12-5_amd64.deb
alt-nodejs12-npm_6.14.16-12.22.12.5_amd64.deb