Path to this page:
Subject: CVS commit: pkgsrc/lang/nodejs
From: Adam Ciarcinski
Date: 2021-08-04 11:08:32
Message id: 20210804090832.CB8B1FA97@cvs.NetBSD.org
Log Message:
nodejs: updated to 14.17.4
Version 14.17.4 'Fermium' (LTS)
This is a security release.
Notable Changes
CVE-2021-22930: Use after free on close http2 on stream canceling (High)
Node.js is vulnerable to a use after free attack where an attacker might be able \
to exploit the memory corruption, to change process behavior. You can read more \
about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930
This releases also fixes some regressions with internationalization introduced \
by the ICU updates in Node.js 14.17.0 and 14.17.1.
Files: