packages

History

Hirokazu MORIKAWA 6cd5a2c57f node: bump to v16.19.1 Thursday February 16 2023 Security Releases Notable Changes The following CVEs are fixed in this release: * CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High) * CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium) * CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium) * CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low) * CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low) More detailed information on each of the vulnerabilities can be found in February 2023 Security Releases blog post. Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>	2023-02-17 11:51:35 +09:00
..
patches	node: bump to v16.19.1	2023-02-17 11:51:35 +09:00
Makefile	node: bump to v16.19.1	2023-02-17 11:51:35 +09:00

Hirokazu MORIKAWA 6cd5a2c57f node: bump to v16.19.1

Thursday February 16 2023 Security Releases

Notable Changes
The following CVEs are fixed in this release:
* CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
* CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
* CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
* CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
* CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)
More detailed information on each of the vulnerabilities can be found in February 2023 Security Releases blog post.

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>

2023-02-17 11:51:35 +09:00

patches

node: bump to v16.19.1

2023-02-17 11:51:35 +09:00

Makefile

node: bump to v16.19.1

2023-02-17 11:51:35 +09:00