Subject: CVS commit: pkgsrc/lang/nodejs10
From: Adam Ciarcinski
Date: 2021-04-07 08:19:21
Message id: 20210407061921.E01AAFA95@cvs.NetBSD.org

Log Message:
nodejs10: updated to 10.24.1

Version 10.24.1 'Dubnium' (LTS)

This is a security release.

Notable Changes

Vulerabilties fixed:

CVE-2021-3450: OpenSSL - CA certificate check bypass with \ 
X509_V_FLAG_X509_STRICT (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You \ 
can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x releases lines

CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You \ 
can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x releases lines

CVE-2020-7774: npm upgrade - Update y18n to fix Prototype-Pollution (High)
This is a vulnerability in the y18n npm module which may be exploited by \ 
prototype pollution. You can read more about it in \ 
https://github.com/advisories/GHSA-c4w7-xm78-47vh
Impacts:
All versions of the 14.x, 12.x and 10.x releases lines

Files:
RevisionActionfile
1.23modifypkgsrc/lang/nodejs10/Makefile
1.15modifypkgsrc/lang/nodejs10/distinfo