Next | Query returned 1 messages, browsing 1 to 10 | previous

History of commit frequency

CVS Commit History:


   2022-10-03 17:32:47 by Benny Siegert | Files touched by this commit (3) | Package updated
Log message:
Pullup ticket #6678 - requested by taca
lang/nodejs: security fix

Revisions pulled up:
- lang/nodejs/Makefile                                          1.241
- lang/nodejs/PLIST                                             1.65
- lang/nodejs/distinfo                                          1.222

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Tue Sep 27 07:59:10 UTC 2022

   Modified Files:
   	pkgsrc/lang/nodejs: Makefile PLIST distinfo

   Log message:
   nodejs: updated to 18.9.1

   Version 18.9.1 (Current)

   This is a security release.

   Notable changes

   The following CVEs are fixed in this release:

   CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
   Insufficient fix for macOS devices on v18.5.0
   CVE-2022-32222: Node 18 reads openssl.cnf from /home/iojs/build/ upon startup \ 
on MacOS (Medium)
   CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding \ 
(Medium)
   Insufficient fix on v18.5.0
   CVE-2022-32215: HTTP Request Smuggling - Incorrect Parsing of Multi-line \ 
Transfer-Encoding (Medium)
   Insufficient fix on v18.5.0
   CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields \ 
(Medium)
   CVE-2022-35255: Weak randomness in WebCrypto keygen

Next | Query returned 1 messages, browsing 1 to 10 | previous