From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@buildroot.org
Cc: Martin Bark <martin@barkynet.com>, Daniel Price <daniel.price@gmail.com>
Subject: Re: [Buildroot] [PATCH] package/nodejs: security bump to version 16.20.0
Date: Thu, 06 Jul 2023 13:33:02 +0200 [thread overview]
Message-ID: <87ilax2s29.fsf@48ers.dk> (raw)
In-Reply-To: <20230619143220.210438-1-peter@korsgaard.com> (Peter Korsgaard's message of "Mon, 19 Jun 2023 16:32:20 +0200")
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes the following security issues:
> - CVE-2023-23918: Node.js Permissions policies can be bypassed via
> process.mainModule (High)
> - CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto
> library (Medium)
> - CVE-2023-23920: Node.js insecure loading of ICU data through ICU\_DATA
> environment variable (Low)
> - CVE-2023-23936: Fetch API in Node.js did not protect against CRLF
> injection in host headers (Medium)
> https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff
> - CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js
> fetch API (Low)
> https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w
> For more details, see the advisory:
> https://nodejs.org/en/blog/vulnerability/february-2023-security-releases
> Update LICENSE hash after an update of the openssl license snippet:
> https://github.com/nodejs/node/commit/e7ed56f501389978e4619ab697a812631c4061ff
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2023.02.x and 2023.05.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
prev parent reply other threads:[~2023-07-06 11:33 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-19 14:32 [Buildroot] [PATCH] package/nodejs: security bump to version 16.20.0 Peter Korsgaard
2023-06-19 19:34 ` Arnout Vandecappelle via buildroot
2023-07-06 11:33 ` Peter Korsgaard [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ilax2s29.fsf@48ers.dk \
--to=peter@korsgaard.com \
--cc=buildroot@buildroot.org \
--cc=daniel.price@gmail.com \
--cc=martin@barkynet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.