Summary: | <net-libs/nodejs-{14.19.3,16.14.2}: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Stein <himbeere> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | minor | CC: | jstein, williamh |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://nodejs.org/en/blog/vulnerability/mar-2022-security-releases/ | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 882525 |
Description
Thomas Stein
2022-03-19 08:17:55 UTC
That's the OpenSSL vulnerability in bug 835343, and in NodeJS we don't use the bundled version, right? https://github.com/gentoo/gentoo/blob/master/net-libs/nodejs/nodejs-16.14.1.ebuild#L137 I guess we are with USE=-system-ssl. |