Now
MAIN commitmail json YAML
pkgsrc/lang/nodejs/Makefile@1.241
/
diff
pkgsrc/lang/nodejs/PLIST@1.65 / diff
pkgsrc/lang/nodejs/distinfo@1.222 / diff
pkgsrc/lang/nodejs/PLIST@1.65 / diff
pkgsrc/lang/nodejs/distinfo@1.222 / diff
nodejs: updated to 18.9.1
Version 18.9.1 (Current)
This is a security release.
Notable changes
The following CVEs are fixed in this release:
CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
Insufficient fix for macOS devices on v18.5.0
CVE-2022-32222: Node 18 reads openssl.cnf from /home/iojs/build/ upon startup on MacOS (Medium)
CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)
Insufficient fix on v18.5.0
CVE-2022-32215: HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)
Insufficient fix on v18.5.0
CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)
CVE-2022-35255: Weak randomness in WebCrypto keygen
Version 18.9.1 (Current)
This is a security release.
Notable changes
The following CVEs are fixed in this release:
CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
Insufficient fix for macOS devices on v18.5.0
CVE-2022-32222: Node 18 reads openssl.cnf from /home/iojs/build/ upon startup on MacOS (Medium)
CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)
Insufficient fix on v18.5.0
CVE-2022-32215: HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)
Insufficient fix on v18.5.0
CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)
CVE-2022-35255: Weak randomness in WebCrypto keygen