Now
pkgsrc-2022Q3 commitmail json YAML
pkgsrc/lang/nodejs/Makefile@1.240.2.1
/
diff
pkgsrc/lang/nodejs/PLIST@1.64.4.1 / diff
pkgsrc/lang/nodejs/distinfo@1.221.2.1 / diff
pkgsrc/lang/nodejs/PLIST@1.64.4.1 / diff
pkgsrc/lang/nodejs/distinfo@1.221.2.1 / diff
Pullup ticket #6678 - requested by taca
lang/nodejs: security fix
Revisions pulled up:
- lang/nodejs/Makefile 1.241
- lang/nodejs/PLIST 1.65
- lang/nodejs/distinfo 1.222
---
Module Name: pkgsrc
Committed By: adam
Date: Tue Sep 27 07:59:10 UTC 2022
Modified Files:
pkgsrc/lang/nodejs: Makefile PLIST distinfo
Log Message:
nodejs: updated to 18.9.1
Version 18.9.1 (Current)
This is a security release.
Notable changes
The following CVEs are fixed in this release:
CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
Insufficient fix for macOS devices on v18.5.0
CVE-2022-32222: Node 18 reads openssl.cnf from /home/iojs/build/ upon startup on MacOS (Medium)
CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)
Insufficient fix on v18.5.0
CVE-2022-32215: HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)
Insufficient fix on v18.5.0
CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)
CVE-2022-35255: Weak randomness in WebCrypto keygen
lang/nodejs: security fix
Revisions pulled up:
- lang/nodejs/Makefile 1.241
- lang/nodejs/PLIST 1.65
- lang/nodejs/distinfo 1.222
---
Module Name: pkgsrc
Committed By: adam
Date: Tue Sep 27 07:59:10 UTC 2022
Modified Files:
pkgsrc/lang/nodejs: Makefile PLIST distinfo
Log Message:
nodejs: updated to 18.9.1
Version 18.9.1 (Current)
This is a security release.
Notable changes
The following CVEs are fixed in this release:
CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
Insufficient fix for macOS devices on v18.5.0
CVE-2022-32222: Node 18 reads openssl.cnf from /home/iojs/build/ upon startup on MacOS (Medium)
CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)
Insufficient fix on v18.5.0
CVE-2022-32215: HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)
Insufficient fix on v18.5.0
CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)
CVE-2022-35255: Weak randomness in WebCrypto keygen