Revisions of nodejs10
Adam Majer (adamm)
committed
(revision 187)
- CVE-2023-44487.patch: nghttp2 Security Release (CVE-2023-44487, bsc#1216190) - nodejs.keyring: include new releaser keys - newicu_test_fixup.patch: workaround whitespaces funnies in some icu versions
Adam Majer (adamm)
committed
(revision 186)
Adam Majer (adamm)
committed
(revision 185)
- CVE-2022-25881.patch: http-cache-semantics(npm): Don't use regex to trim whitespace (bsc#1208744, CVE-2022-25881)
Adam Majer (adamm)
committed
(revision 184)
- CVE-2023-23920.patch: fixes insecure loading of ICU data through ICU_DATA environment variable (bsc#1208487, CVE-2023-23920)
Adam Majer (adamm)
committed
(revision 183)
- CVE-2022-43548.patch:
* inspector: DNS rebinding in --inspect via invalid octal IP
(bsc#1205119, CVE-2022-43548)
Adam Majer (adamm)
committed
(revision 182)
- CVE-2022-35256.patch: update llhttp to 2.1.6
+ fixes CVE-2022-32213 bypass via obs-fold mechanic (bsc#1201325)
+ fixes incorrect parsing of header fields (CVE-2022-35256, bsc#1203832)
Adam Majer (adamm)
committed
(revision 181)
CVE-2022-32214, CVE-2022-32215, bsc#1191602, CVE-2021-22960, bsc#1191601, CVE-2021-22959)
Adam Majer (adamm)
committed
(revision 180)
- CVE-2021-22930.patch: backports http2 fixes (bsc#1188917, bsc#1189368, CVE-2021-22930, CVE-2021-22940) - CVE-2022-32213.patch: backport llhttp http parser fixes (bsc#1201325, bsc#1201326, bsc#1201327, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215) - CVE-2022-32212.patch: fix IPv4 validation in inspector_socket (bsc#1201328, CVE-2022-32212)
Adam Majer (adamm)
committed
(revision 179)
- CVE-2021-22940.patch: merged with CVE-2021-22930.patch
Adam Majer (adamm)
committed
(revision 178)
Adam Majer (adamm)
committed
(revision 177)
- CVE-2021-44906.patch: fix prototype pollution in npm dependency (bsc#1198247, CVE-2021-44906) - CVE-2021-44907.patch: fix insuficient sanitation in npm dependency (bsc#1197283, CVE-2021-44907) - CVE-2022-0235.patch: fix passing of cookie data and sensitive headers to different hostnames in node-fetch-npm (bsc#1194819, CVE-2022-0235) * CVE-2021-32803 - node-tar: Insufficient symlink protection
Adam Majer (adamm)
committed
(revision 175)
- CVE-2022-21824.patch: fix prototype pollution via console.table
Adam Majer (adamm)
committed
(revision 174)
* CVE-2021-3918 - json-schema is vulnerable to Improperly
Controlled Modification of Object Prototype Attributes (bsc#1192696)
- CVE-2021-3807.patch: node-ansi-regex: Regular expression
denial of service (ReDoS) matching ANSI escape codes
(bsc#1192154, CVE-2021-3807)
Adam Majer (adamm)
committed
(revision 173)
- npm-v6.14.16.tar.gz: update to npm 6.14.16 fixing
* CVE-2021-23343 - ReDoS via splitDeviceRe, splitTailRe and
splitPathRe (bsc#1192153)
* CVE-2021-23343 - node-tar: Insufficient symlink protection
allowing arbitrary file creation and overwrite (bsc#1191963)
* CVE-2021-32804 - node-tar: Insufficient absolute path sanitization
allowing arbitrary file creation and overwrite (bsc#1191962)
Adam Majer (adamm)
committed
(revision 172)
- CVE-2022-21824.patch: fix prototype pollution via console.table
Adam Majer (adamm)
committed
(revision 170)
- CVE-2021-22939.patch: Incomplete validation of rejectUnauthorized parameter (bsc#1189369, CVE-2021-22939) (bsc#1188881, bsc#1189370, CVE-2021-3672, CVE-2021-22931)
Adam Majer (adamm)
committed
(revision 169)
- test_ssl_cert_fixups.patch: fixup SSL certificates in unit tests - cares_172.patch: update c-ares to 1.17.2. (bsc#1188881, CVE-2021-3672)
Adam Majer (adamm)
committed
(revision 168)
Displaying revisions 1 - 20 of 187
