Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
patchinfo.27654
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.27654
<patchinfo incident="27654"> <issue tracker="bnc" id="1200303">nodejs16 package uses hardcoded default SSL cipher list instead of PROFILE=SYSTEM</issue> <issue tracker="bnc" id="1205042">[TRACKERBUG] Set OpenSSL 3.0 as the default openssl in TW</issue> <issue tracker="bnc" id="1203832">VUL-0: CVE-2022-35256: nodejs10,nodejs8,nodejs12,nodejs16,nodejs14,nodejs4,nodejs6: HTTP Request Smuggling Due to Incorrect Parsing of Header Fields</issue> <issue tracker="bnc" id="1201326">VUL-0: CVE-2022-32214: nodejs: HTTP request smuggling due to improper delimiting of header fields</issue> <issue tracker="bnc" id="1205236">[Staging] icu 72.1 breaks nodejs18/nodejs19</issue> <issue tracker="bnc" id="1201325">VUL-0: CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding</issue> <issue tracker="bnc" id="1201328">VUL-0: CVE-2022-32212: nodejs: DNS rebinding in --inspect via invalid IP addresses</issue> <issue tracker="bnc" id="1201327">VUL-0: CVE-2022-32215: nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding</issue> <issue tracker="bnc" id="1203831">VUL-0: CVE-2022-35255: nodejs16: Weak randomness in WebCrypto keygen</issue> <issue tracker="bnc" id="1205119">VUL-0: CVE-2022-43548: nodejs14,nodejs16: DNS rebinding in --inspect via invalid octal IP address</issue> <issue tracker="cve" id="2022-32213"/> <issue tracker="cve" id="2022-32215"/> <issue tracker="cve" id="2022-35256"/> <issue tracker="cve" id="2022-35255"/> <issue tracker="cve" id="2022-32214"/> <issue tracker="cve" id="2022-43548"/> <issue tracker="cve" id="2022-32212"/> <issue tracker="jsc" id="PED-2097"/> <issue tracker="jsc" id="PED-3192"/> <packager>adamm</packager> <rating>moderate</rating> <category>security</category> <summary>Security update for nodejs18</summary> <description>This update for nodejs18 fixes the following issues: This update ships nodejs18 (jsc#PED-2097) Update to NodejJS 18.13.0 LTS: * build: disable v8 snapshot compression by default * crypto: update root certificates * deps: update ICU to 72.1 * doc: + add doc-only deprecation for headers/trailers setters + add Rafael to the tsc + deprecate use of invalid ports in url.parse + deprecate url.parse() * lib: drop fetch experimental warning * net: add autoSelectFamily and autoSelectFamilyAttemptTimeout options * src: + add uvwasi version + add initial shadow realm support * test_runner: + add t.after() hook + don't use a symbol for runHook() * tls: + add "ca" property to certificate object * util: + add fast path for utf8 encoding + improve textdecoder decode performance + add MIME utilities - Fixes compatibility with ICU 72.1 (bsc#1205236) - Fix migration to openssl-3 (bsc#1205042) Update to NodeJS 18.12.1 LTS: * inspector: DNS rebinding in --inspect via invalid octal IP (bsc#1205119, CVE-2022-43548) Update to NodeJS 18.12.0 LTS: * Running in 'watch' mode using node --watch restarts the process when an imported file is changed. * fs: add FileHandle.prototype.readLines * http: add writeEarlyHints function to ServerResponse * http2: make early hints generic * util: add default value option to parsearg Update to NodeJS 18.11.0: * added experimental watch mode -- running in 'watch' mode using node --watch restarts the process when an imported file is changed * fs: add FileHandle.prototype.readLines * http: add writeEarlyHints function to ServerResponse * http2: make early hints generic * lib: refactor transferable AbortSignal * src: add detailed embedder process initialization API * util: add default value option to parsearg Update to NodeJS 18.10.0: * deps: upgrade npm to 8.19.2 * http: throw error on content-length mismatch * stream: add ReadableByteStream.tee() Update to Nodejs 18.9.1: * deps: llhttp updated to 6.0.10 + CVE-2022-32213 bypass via obs-fold mechanic (bsc#1201325) + Incorrect Parsing of Multi-line Transfer-Encoding (CVE-2022-32215, bsc#1201327) + Incorrect Parsing of Header Fields (CVE-2022-35256, bsc#1203832) * crypto: fix weak randomness in WebCrypto keygen (CVE-2022-35255, bsc#1203831) Update to Nodejs 18.9.0: * lib - add diagnostics channel for process and worker * os - add machine method * report - expose report public native apis * src - expose environment RequestInterrupt api * vm - include vm context in the embedded snapshot Changes in 18.8.0: * bootstrap: implement run-time user-land snapshots via --build-snapshot and --snapshot-blob. See * crypto: + allow zero-length IKM in HKDF and in webcrypto PBKDF2 + allow zero-length secret KeyObject * deps: upgrade npm to 8.18.0 * http: make idle http parser count configurable * net: add local family * src: print source map error source on demand * tls: pass a valid socket on tlsClientError Update to Nodejs 18.7.0: * events: add CustomEvent * http: add drop request event for http server * lib: improved diagnostics_channel subscribe/unsubscribe * util: add tokens to parseArgs - enable crypto policy ciphers for TW and SLE15 SP4+ (bsc#1200303) Update to Nodejs 18.6.0: * Experimental ESM Loader Hooks API. For details see, https://nodejs.org/api/esm.html * dns: export error code constants from dns/promises * esm: add chaining to loaders * http: add diagnostics channel for http client * http: add perf_hooks detail for http request and client * module: add isBuiltIn method * net: add drop event for net server * test_runner: expose describe and it * v8: add v8.startupSnapshot utils For details, see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.6.0 Update to Nodejs 18.5.0: * http: stricter Transfer-Encoding and header separator parsing (bsc#1201325, bsc#1201326, bsc#1201327, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215) * src: fix IPv4 validation in inspector_socket (bsc#1201328, CVE-2022-32212) For details, see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.5.0 Update to Nodejs 18.4.0. For detailed changes see, https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.4.0 Initial packaging of Nodejs 18.2.0. For detailed changes since previous versions, see https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V18.md#18.2.0 </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor