Subject: CVS commit: [pkgsrc-2022Q3] pkgsrc/lang/nodejs
From: Benny Siegert
Date: 2022-10-03 17:32:47
Message id: 20221003153247.D33E3FA90@cvs.NetBSD.org

Log Message:
Pullup ticket #6678 - requested by taca
lang/nodejs: security fix

Revisions pulled up:
- lang/nodejs/Makefile                                          1.241
- lang/nodejs/PLIST                                             1.65
- lang/nodejs/distinfo                                          1.222

---
   Module Name:	pkgsrc
   Committed By:	adam
   Date:		Tue Sep 27 07:59:10 UTC 2022

   Modified Files:
   	pkgsrc/lang/nodejs: Makefile PLIST distinfo

   Log Message:
   nodejs: updated to 18.9.1

   Version 18.9.1 (Current)

   This is a security release.

   Notable changes

   The following CVEs are fixed in this release:

   CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
   Insufficient fix for macOS devices on v18.5.0
   CVE-2022-32222: Node 18 reads openssl.cnf from /home/iojs/build/ upon startup \ 
on MacOS (Medium)
   CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding \ 
(Medium)
   Insufficient fix on v18.5.0
   CVE-2022-32215: HTTP Request Smuggling - Incorrect Parsing of Multi-line \ 
Transfer-Encoding (Medium)
   Insufficient fix on v18.5.0
   CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields \ 
(Medium)
   CVE-2022-35255: Weak randomness in WebCrypto keygen

Files:
RevisionActionfile
1.240.2.1modifypkgsrc/lang/nodejs/Makefile
1.64.4.1modifypkgsrc/lang/nodejs/PLIST
1.221.2.1modifypkgsrc/lang/nodejs/distinfo