Request 1103349: Submit nodejs20 - openSUSE Build Service

Overview

Request 1103349 accepted

- Update to version 20.5.1:
* (CVE-2023-32002, bsc#1214150): Policies can be bypassed
via Module._load (High)
* (CVE-2023-32558, bsc#1214155): process.binding() can bypass
the permission model through path traversal (High)
* (CVE-2023-32004, bsc#1214152): Permission model can be bypassed
by specifying a path traversal sequence in a Buffer (High)
* (CVE-2023-32006, bsc#1214156): Policies can be bypassed
by module.constructor.createRequire (Medium)
* (CVE-2023-32559, bsc#1214154): Policies can be bypassed
via process.binding (Medium)
* (CVE-2023-32005, bsc#1214153): fs.statfs can bypass
the permission model (Low)
* (CVE-2023-32003, bsc#1214151): fs.mkdtemp() and fs.mkdtempSync()
can bypass the permission model (Low)
- Changes in 20.5.0:
* events: allow safely adding listener to abortSignal
* fs: add a fast-path for readFileSync utf-8
* test_runner: add shards support
- Changes in 20.4.0:
* tls: add ALPNCallback server option for dynamic ALPN negotiation
* adds support for ECMAScript Explicit Resource Management
* adds Mock Timer support to test module
For details see,
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.5.1
versioned.patch: refreshed

Created by adamm 10 months ago
In state accepted

Submit nodejs20

Comments for request 1103349 0

Login required, please login in order to comment

Request History

adamm created request 10 months ago

- Update to version 20.5.1:
* (CVE-2023-32002, bsc#1214150): Policies can be bypassed
via Module._load (High)
* (CVE-2023-32558, bsc#1214155): process.binding() can bypass
the permission model through path traversal (High)
* (CVE-2023-32004, bsc#1214152): Permission model can be bypassed
by specifying a path traversal sequence in a Buffer (High)
* (CVE-2023-32006, bsc#1214156): Policies can be bypassed
by module.constructor.createRequire (Medium)
* (CVE-2023-32559, bsc#1214154): Policies can be bypassed
via process.binding (Medium)
* (CVE-2023-32005, bsc#1214153): fs.statfs can bypass
the permission model (Low)
* (CVE-2023-32003, bsc#1214151): fs.mkdtemp() and fs.mkdtempSync()
can bypass the permission model (Low)
- Changes in 20.5.0:
* events: allow safely adding listener to abortSignal
* fs: add a fast-path for readFileSync utf-8
* test_runner: add shards support
- Changes in 20.4.0:
* tls: add ALPNCallback server option for dynamic ALPN negotiation
* adds support for ECMAScript Explicit Resource Management
* adds Mock Timer support to test module
For details see,
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.5.1
versioned.patch: refreshed

factory-auto added opensuse-review-team as a reviewer 10 months ago

Please review sources

factory-auto accepted review 10 months ago

Check script succeeded

dimstar_suse set openSUSE:Factory:Staging:F as a staging project 10 months ago

Being evaluated by staging project "openSUSE:Factory:Staging:F"

dimstar_suse accepted review 10 months ago

Picked "openSUSE:Factory:Staging:F"

licensedigger accepted review 10 months ago

The legal review is accepted preliminary. The package may require actions later on.

dimstar accepted review 10 months ago

dimstar_suse accepted review 10 months ago

Staging Project openSUSE:Factory:Staging:F got accepted.

dimstar_suse approved review 10 months ago

Staging Project openSUSE:Factory:Staging:F got accepted.

dimstar_suse accepted request 10 months ago

Staging Project openSUSE:Factory:Staging:F got accepted.

openSUSE Build Service is sponsored by