projects / feed / packages.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 70009d3) | patch
node: bump to v16.19.1
authorHirokazu MORIKAWA <morikw2@gmail.com>
Fri, 17 Feb 2023 02:51:35 +0000 (11:51 +0900)
committerHirokazu MORIKAWA <morikw2@gmail.com>
Fri, 17 Feb 2023 02:51:35 +0000 (11:51 +0900)
commit6cd5a2c57f8120d4b65518ee0dee559d4fe2c75c
tree7d3b73ee420258177ca268fd3afa5c45ce2e291etree | snapshot
parent70009d3586721e656eaab6d935ac4e30dc615ad8commit | diff
node: bump to v16.19.1

Thursday February 16 2023 Security Releases

Notable Changes
The following CVEs are fixed in this release:
* CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
* CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
* CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
* CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
* CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)
More detailed information on each of the vulnerabilities can be found in February 2023 Security Releases blog post.

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
lang/node/Makefile diff | blob | history
lang/node/patches/003-path.patch diff | blob | history
Mirror of packages feed