Path to this page:
Subject: CVS commit: pkgsrc/lang/nodejs
From: Adam Ciarcinski
Date: 2020-06-03 10:41:24
Message id: 20200603084124.EFCA1FB27@cvs.NetBSD.org
Log Message:
nodejs: updated to 14.4.0
Version 14.4.0 (Current)
Notable changes
This is a security release.
Vulnerabilities fixed:
CVE-2020-8172: TLS session reuse can lead to host certificate verification \
bypass (High).
CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory \
corruption (High).
Commits
- crypto: update root certificates
- (SEMVER-MINOR) deps: update nghttp2 to 1.41.0
- (SEMVER-MINOR) http2: implement support for max settings entries
- napi: fix memory corruption vulnerability
- tls: emit session after verifying certificate
- tools: update certdata.txt
Files: