Next | Query returned 30 messages, browsing 11 to 20 | Previous

History of commit frequency

CVS Commit History:


   2021-01-05 09:35:36 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nodejs10: updated to 10.23.1

Version 10.23.1 'Dubnium' (LTS)

Notable changes

This is a security release.

Vulnerabilities fixed:

CVE-2020-8265: use-after-free in TLSWrap (High) Affected Node.js versions are \ 
vulnerable to a use-after-free bug in its TLS implementation. When writing to a \ 
TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a \ 
freshly allocated WriteWrap object as first argument. If the DoWrite method does \ 
not return an error, this object is passed back to the caller as part of a \ 
StreamWriteResult structure. This may be exploited to corrupt memory leading to \ 
a Denial of Service or potentially other exploits
CVE-2020-8287: HTTP Request Smuggling in nodejs Affected versions of Node.js \ 
allow two copies of a header field in a http request. For example, two \ 
Transfer-Encoding header fields. In this case Node.js identifies the first \ 
header field and ignores the second. This can lead to HTTP Request Smuggling \ 
(https://cwe.mitre.org/data/definitions/444.html).
CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High) This is a \ 
vulnerability in OpenSSL which may be exploited through Node.js. You can read \ 
more about it in https://www.openssl.org/news/secadv/20201208.txt
   2020-12-16 08:29:36 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
nodejs8, nodejs10: add PYTHON_VERSIONS_ACCEPTED
   2020-11-14 10:54:23 by Jonathan Perkin | Files touched by this commit (6)
Log message:
nodejs*: Fix builds with icu-68.1.
   2020-11-12 22:02:44 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nodejs10: updated to 10.23.0

Version 10.23.0 'Dubnium' (LTS)

Notable changes

deps:
upgrade npm to 6.14.8

n-api:
create N-API version 7
expose napi_build_version variable

tools:
add debug entitlements for macOS 10.15+
   2020-11-05 10:09:30 by Ryo ONODERA | Files touched by this commit (1814)
Log message:
*: Recursive revbump from textproc/icu-68.1
   2020-10-02 14:23:54 by Adam Ciarcinski | Files touched by this commit (5) | Package updated
Log message:
nodejs10: updated to 10.22.1

Version 10.22.1 'Dubnium' (LTS)

Notable changes
This is a security release.

Vulnerabilities fixed:
CVE-2020-8252: fs.realpath.native on may cause buffer overflow (Medium).

Version 10.22.0 'Dubnium' (LTS)

Notable changes
deps:
* upgrade npm to 6.14.6
* upgrade openssl sources to 1.1.1g
n-api:
* add napi_detach_arraybuffer
   2020-06-18 06:58:24 by David H. Gutteridge | Files touched by this commit (6) | Package updated
Log message:
nodejs/nodejs10/nodejs12: these now require nghttp2>=1.41.0

As of the last updates to each of these, made earlier this month, they
now require nghttp2>=1.41.0 to build. They expect
nghttp2_option_set_max_settings to be available.
   2020-06-03 11:25:38 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
nodejs10: updated to 10.21.0

Version 10.21.0 'Dubnium' (LTS)

Notable changes

This is a security release.

Vulnerabilities fixed:

CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory \ 
corruption (High).
CVE-2020-10531: ICU-20958 Prevent SEGV_MAPERR in append (High).
CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).

Commits

- deps: fix OPENSSLDIR on Windows
- deps: backport ICU-20958 to fix CVE-2020-10531
- (SEMVER-MINOR) deps: update nghttp2 to 1.41.0
- (SEMVER-MINOR) http2: implement support for max settings entries
- napi: fix memory corruption vulnerability
   2020-06-02 10:25:05 by Adam Ciarcinski | Files touched by this commit (1689)
Log message:
Revbump for icu
   2020-05-31 23:41:22 by Roland Illig | Files touched by this commit (3)
Log message:
lang/nodejs*: skip portability check for macOS installation scripts

Next | Query returned 30 messages, browsing 11 to 20 | Previous