Subject: CVS commit: pkgsrc/lang/nodejs10
From: Adam Ciarcinski
Date: 2020-02-07 10:50:36
Message id: 20200207095036.85E23FBF4@cvs.NetBSD.org

Log Message:
nodejs10: updated to 10.19.0

Version 10.19.0 'Dubnium' (LTS):

Notable changes

This is a security release.

Vulnerabilities fixed:

CVE-2019-15606: HTTP header values do not have trailing OWS trimmed.
CVE-2019-15605: HTTP request smuggling using malformed Transfer-Encoding header.
CVE-2019-15604: Remotely trigger an assertion on a TLS server with a malformed \ 
certificate string.

Also, HTTP parsing is more strict to be more secure. Since this may cause \ 
problems in interoperability with some non-conformant HTTP implementations, it \ 
is possible to disable the strict checks with the --insecure-http-parser command \ 
line flag, or the insecureHTTPParser http option. Using the insecure HTTP parser \ 
should be avoided.

Files:
RevisionActionfile
1.4modifypkgsrc/lang/nodejs10/Makefile
1.4modifypkgsrc/lang/nodejs10/distinfo