---
- branch: MAIN
  date: Fri Feb  7 09:51:09 UTC 2020
  files:
  - new: '1.6'
    old: '1.5'
    path: pkgsrc/lang/nodejs12/Makefile
    pathrev: pkgsrc/lang/nodejs12/Makefile@1.6
    type: modified
  - new: '1.5'
    old: '1.4'
    path: pkgsrc/lang/nodejs12/distinfo
    pathrev: pkgsrc/lang/nodejs12/distinfo@1.5
    type: modified
  id: 20200207T095109Z.73cd353551092560b8c4b31fc98086ec9e9ddf63
  log: |
    nodejs12: updated to 12.15.0

    Version 12.15.0 'Erbium' (LTS):

    Notable changes

    This is a security release.

    Vulnerabilities fixed:

    CVE-2019-15606: HTTP header values do not have trailing OWS trimmed.
    CVE-2019-15605: HTTP request smuggling using malformed Transfer-Encoding header.
    CVE-2019-15604: Remotely trigger an assertion on a TLS server with a malformed certificate string.

    Also, HTTP parsing is more strict to be more secure. Since this may cause problems in interoperability with some non-conformant HTTP implementations, it is possible to disable the strict checks with the --insecure-http-parser command line flag, or the insecureHTTPParser http option. Using the insecure HTTP parser should be avoided.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/lang/nodejs12'
  unixtime: '1581069069'
  user: adam