Overview
Request 1103349 accepted
- Update to version 20.5.1:
* (CVE-2023-32002, bsc#1214150): Policies can be bypassed
via Module._load (High)
* (CVE-2023-32558, bsc#1214155): process.binding() can bypass
the permission model through path traversal (High)
* (CVE-2023-32004, bsc#1214152): Permission model can be bypassed
by specifying a path traversal sequence in a Buffer (High)
* (CVE-2023-32006, bsc#1214156): Policies can be bypassed
by module.constructor.createRequire (Medium)
* (CVE-2023-32559, bsc#1214154): Policies can be bypassed
via process.binding (Medium)
* (CVE-2023-32005, bsc#1214153): fs.statfs can bypass
the permission model (Low)
* (CVE-2023-32003, bsc#1214151): fs.mkdtemp() and fs.mkdtempSync()
can bypass the permission model (Low)
- Changes in 20.5.0:
* events: allow safely adding listener to abortSignal
* fs: add a fast-path for readFileSync utf-8
* test_runner: add shards support
- Changes in 20.4.0:
* tls: add ALPNCallback server option for dynamic ALPN negotiation
* adds support for ECMAScript Explicit Resource Management
* adds Mock Timer support to test module
For details see,
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.5.1
versioned.patch: refreshed
Request History
adamm created request
- Update to version 20.5.1:
* (CVE-2023-32002, bsc#1214150): Policies can be bypassed
via Module._load (High)
* (CVE-2023-32558, bsc#1214155): process.binding() can bypass
the permission model through path traversal (High)
* (CVE-2023-32004, bsc#1214152): Permission model can be bypassed
by specifying a path traversal sequence in a Buffer (High)
* (CVE-2023-32006, bsc#1214156): Policies can be bypassed
by module.constructor.createRequire (Medium)
* (CVE-2023-32559, bsc#1214154): Policies can be bypassed
via process.binding (Medium)
* (CVE-2023-32005, bsc#1214153): fs.statfs can bypass
the permission model (Low)
* (CVE-2023-32003, bsc#1214151): fs.mkdtemp() and fs.mkdtempSync()
can bypass the permission model (Low)
- Changes in 20.5.0:
* events: allow safely adding listener to abortSignal
* fs: add a fast-path for readFileSync utf-8
* test_runner: add shards support
- Changes in 20.4.0:
* tls: add ALPNCallback server option for dynamic ALPN negotiation
* adds support for ECMAScript Explicit Resource Management
* adds Mock Timer support to test module
For details see,
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.5.1
versioned.patch: refreshed
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
dimstar_suse set openSUSE:Factory:Staging:F as a staging project
Being evaluated by staging project "openSUSE:Factory:Staging:F"
dimstar_suse accepted review
Picked "openSUSE:Factory:Staging:F"
licensedigger accepted review
The legal review is accepted preliminary. The package may require actions later on.
dimstar accepted review
dimstar_suse accepted review
Staging Project openSUSE:Factory:Staging:F got accepted.
dimstar_suse approved review
Staging Project openSUSE:Factory:Staging:F got accepted.
dimstar_suse accepted request
Staging Project openSUSE:Factory:Staging:F got accepted.