857111 – (CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-32222) <net-libs/nodejs-{14.20.0,16.16.0,18.5.0}: multiple vulnerabilities

Bug 857111 (CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-32222) - <net-libs/nodejs-{14.20.0,16.16.0,18.5.0}: multiple vulnerabilities

Summary: <net-libs/nodejs-{14.20.0,16.16.0,18.5.0}: multiple vulnerabilities

Status:	RESOLVED FIXED

Alias:	CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-32222

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:	https://nodejs.org/en/blog/vulnerabil...
Whiteboard:	A3 [glsa+]
Keywords:

Depends on:	861314
Blocks:
	Show dependency tree

Reported:	2022-07-09 07:12 UTC by Thomas Stein
Modified:	2024-05-08 11:20 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Stein 2022-07-09 07:12:16 UTC

Hello Devs.

Juli Security Releases out.

cheers, t.

Reproducible: Always

Comment 1 John Helmert III archtester

2022-07-12 01:33:53 UTC

Thanks. I saw these releases but the only obvious security-relevant fix was the OpenSSL update.

Fixes in 14.20.0, 16.16.0, 18.5.0.

Comment 2 John Helmert III archtester

2022-07-29 16:50:51 UTC

Please cleanup

Comment 3 Larry the Git Cow gentoo-dev

2022-07-31 18:20:19 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1c23eefc28408b24a0c543519d81c07e46c64464

commit 1c23eefc28408b24a0c543519d81c07e46c64464
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2022-07-31 18:19:12 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2022-07-31 18:19:27 +0000

    net-libs/nodejs: drop 14.19.3, 16.15.1, 18.3.0, 18.4.0
    
    Bug: https://bugs.gentoo.org/857111
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 net-libs/nodejs/Manifest              |   4 -
 net-libs/nodejs/nodejs-14.19.3.ebuild | 227 ----------------------------------
 net-libs/nodejs/nodejs-16.15.1.ebuild | 219 --------------------------------
 net-libs/nodejs/nodejs-18.3.0.ebuild  | 219 --------------------------------
 net-libs/nodejs/nodejs-18.4.0.ebuild  | 219 --------------------------------
 5 files changed, 888 deletions(-)

Comment 4 Larry the Git Cow gentoo-dev

2024-05-08 11:16:52 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=88bffd0cf8491b108b57ac229b72f8b472c31ed1

commit 88bffd0cf8491b108b57ac229b72f8b472c31ed1
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-05-08 11:16:15 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-05-08 11:16:37 +0000

    [ GLSA 202405-29 ] Node.js: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/772422
    Bug: https://bugs.gentoo.org/781704
    Bug: https://bugs.gentoo.org/800986
    Bug: https://bugs.gentoo.org/805053
    Bug: https://bugs.gentoo.org/807775
    Bug: https://bugs.gentoo.org/811273
    Bug: https://bugs.gentoo.org/817938
    Bug: https://bugs.gentoo.org/831037
    Bug: https://bugs.gentoo.org/835615
    Bug: https://bugs.gentoo.org/857111
    Bug: https://bugs.gentoo.org/865627
    Bug: https://bugs.gentoo.org/872692
    Bug: https://bugs.gentoo.org/879617
    Bug: https://bugs.gentoo.org/918086
    Bug: https://bugs.gentoo.org/918614
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202405-29.xml | 121 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 121 insertions(+)