Link [ pkgsrc | NetBSD | pkgsrc git mirror | PR fulltext-search | netbsd commit viewer ]


   
        usage: [branch:branch] [user:user] [path[@revision]] keyword [... [-excludekeyword [...]]] (e.g. branch:MAIN pkgtools/pkg)


[ 1 ]


switch to index mode

recent branches: MAIN (6h)  pkgsrc-2024Q1 (10d)  pkgsrc-2023Q4 (57d)  pkgsrc-2023Q2 (90d)  pkgsrc-2023Q3 (169d) 

2024-05-28 10:53:46 UTC Now

2022-10-03 15:32:47 UTC pkgsrc-2022Q3 commitmail json YAML

pkgsrc/lang/nodejs/Makefile@1.240.2.1 / diff
pkgsrc/lang/nodejs/PLIST@1.64.4.1 / diff
pkgsrc/lang/nodejs/distinfo@1.221.2.1 / diff

Pullup ticket #6678 - requested by taca
lang/nodejs: security fix

Revisions pulled up:
- lang/nodejs/Makefile                                          1.241
- lang/nodejs/PLIST                                            1.65
- lang/nodejs/distinfo                                          1.222

---
  Module Name: pkgsrc
  Committed By: adam
  Date: Tue Sep 27 07:59:10 UTC 2022

  Modified Files:
  pkgsrc/lang/nodejs: Makefile PLIST distinfo

  Log Message:
  nodejs: updated to 18.9.1

  Version 18.9.1 (Current)

  This is a security release.

  Notable changes

  The following CVEs are fixed in this release:

  CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
  Insufficient fix for macOS devices on v18.5.0
  CVE-2022-32222: Node 18 reads openssl.cnf from /home/iojs/build/ upon startup on MacOS (Medium)
  CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)
  Insufficient fix on v18.5.0
  CVE-2022-32215: HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)
  Insufficient fix on v18.5.0
  CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)
  CVE-2022-35255: Weak randomness in WebCrypto keygen

(bsiegert)

[ 1 ]