Subject: CVS commit: pkgsrc/lang/nodejs12
From: Adam Ciarcinski
Date: 2020-02-07 10:51:09
Message id: 20200207095109.6745EFBF4@cvs.NetBSD.org

Log Message:
nodejs12: updated to 12.15.0

Version 12.15.0 'Erbium' (LTS):

Notable changes

This is a security release.

Vulnerabilities fixed:

CVE-2019-15606: HTTP header values do not have trailing OWS trimmed.
CVE-2019-15605: HTTP request smuggling using malformed Transfer-Encoding header.
CVE-2019-15604: Remotely trigger an assertion on a TLS server with a malformed \ 
certificate string.

Also, HTTP parsing is more strict to be more secure. Since this may cause \ 
problems in interoperability with some non-conformant HTTP implementations, it \ 
is possible to disable the strict checks with the --insecure-http-parser command \ 
line flag, or the insecureHTTPParser http option. Using the insecure HTTP parser \ 
should be avoided.

Files:
RevisionActionfile
1.6modifypkgsrc/lang/nodejs12/Makefile
1.5modifypkgsrc/lang/nodejs12/distinfo