Details at URL, fixes are in 14.20.1, 16.17.1, 18.9.1.
Note that CVE-2022-32212 and CVE-2022-32213 from bug 857111 are in this advisory too as incomplete fixes.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=66f14e514723b54528dee2a0bbcd38a795926a4f commit 66f14e514723b54528dee2a0bbcd38a795926a4f Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2022-09-25 03:58:21 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2022-09-25 03:58:59 +0000 net-libs/nodejs: add 14.20.1, 16.17.1, 18.9.1 Bug: https://bugs.gentoo.org/872692 Signed-off-by: William Hubbs <williamh@gentoo.org> net-libs/nodejs/Manifest | 3 + net-libs/nodejs/nodejs-14.20.1.ebuild | 240 ++++++++++++++++++++++++++++++++ net-libs/nodejs/nodejs-16.17.1.ebuild | 232 +++++++++++++++++++++++++++++++ net-libs/nodejs/nodejs-18.9.1.ebuild | 250 ++++++++++++++++++++++++++++++++++ 4 files changed, 725 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=73705b2078a9c825efd2fe23bbeb9e6400a1edb4 commit 73705b2078a9c825efd2fe23bbeb9e6400a1edb4 Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2022-09-25 17:19:42 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2022-09-25 17:21:05 +0000 net-libs/nodejs: drop vulnerable versions Bug: https://bugs.gentoo.org/872692 Signed-off-by: William Hubbs <williamh@gentoo.org> net-libs/nodejs/Manifest | 6 - net-libs/nodejs/nodejs-14.20.0.ebuild | 240 -------------------------------- net-libs/nodejs/nodejs-16.16.0.ebuild | 225 ------------------------------ net-libs/nodejs/nodejs-16.17.0.ebuild | 232 ------------------------------- net-libs/nodejs/nodejs-18.6.0.ebuild | 225 ------------------------------ net-libs/nodejs/nodejs-18.7.0.ebuild | 243 --------------------------------- net-libs/nodejs/nodejs-18.9.0.ebuild | 250 ---------------------------------- 7 files changed, 1421 deletions(-)
Thanks!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=88bffd0cf8491b108b57ac229b72f8b472c31ed1 commit 88bffd0cf8491b108b57ac229b72f8b472c31ed1 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-05-08 11:16:15 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-05-08 11:16:37 +0000 [ GLSA 202405-29 ] Node.js: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/772422 Bug: https://bugs.gentoo.org/781704 Bug: https://bugs.gentoo.org/800986 Bug: https://bugs.gentoo.org/805053 Bug: https://bugs.gentoo.org/807775 Bug: https://bugs.gentoo.org/811273 Bug: https://bugs.gentoo.org/817938 Bug: https://bugs.gentoo.org/831037 Bug: https://bugs.gentoo.org/835615 Bug: https://bugs.gentoo.org/857111 Bug: https://bugs.gentoo.org/865627 Bug: https://bugs.gentoo.org/872692 Bug: https://bugs.gentoo.org/879617 Bug: https://bugs.gentoo.org/918086 Bug: https://bugs.gentoo.org/918614 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202405-29.xml | 121 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 121 insertions(+)
