./lang/nodejs, V8 JavaScript for clients and servers

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2022Q3, Version: 18.9.1, Package name: nodejs-18.9.1, Maintainer: pkgsrc-users

Node.js is an evented I/O framework for the V8 JavaScript engine. It is
intended for writing scalable network programs such as web servers.

This package holds the latest release.



Package options: openssl

Master sites:

Filesize: 37417.207 KB

Version history: (Expand)

CVS history: (Expand)


   2022-10-03 17:32:47 by Benny Siegert | Files touched by this commit (3) | Package updated
Log message:
Pullup ticket #6678 - requested by taca
lang/nodejs: security fix

Revisions pulled up:
- lang/nodejs/Makefile                                          1.241
- lang/nodejs/PLIST                                             1.65
- lang/nodejs/distinfo                                          1.222

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Tue Sep 27 07:59:10 UTC 2022

   Modified Files:
   	pkgsrc/lang/nodejs: Makefile PLIST distinfo

   Log message:
   nodejs: updated to 18.9.1

   Version 18.9.1 (Current)

   This is a security release.

   Notable changes

   The following CVEs are fixed in this release:

   CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
   Insufficient fix for macOS devices on v18.5.0
   CVE-2022-32222: Node 18 reads openssl.cnf from /home/iojs/build/ upon startup \ 
on MacOS (Medium)
   CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding \ 
(Medium)
   Insufficient fix on v18.5.0
   CVE-2022-32215: HTTP Request Smuggling - Incorrect Parsing of Multi-line \ 
Transfer-Encoding (Medium)
   Insufficient fix on v18.5.0
   CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields \ 
(Medium)
   CVE-2022-35255: Weak randomness in WebCrypto keygen