Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 835615

Summary: <net-libs/nodejs-{14.19.3,16.14.2}: multiple vulnerabilities
Product: Gentoo Security Reporter: Thomas Stein <himbeere>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: jstein, williamh
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://nodejs.org/en/blog/vulnerability/mar-2022-security-releases/
Whiteboard: B3 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 882525    

Description Thomas Stein 2022-03-19 08:17:55 UTC
Hello Devs.

Unfortunately another security bugfix release.
https://nodejs.org/en/blog/vulnerability/mar-2022-security-releases/

Reproducible: Always
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-19 18:13:47 UTC
That's the OpenSSL vulnerability in bug 835343, and in NodeJS we don't use the bundled version, right?

https://github.com/gentoo/gentoo/blob/master/net-libs/nodejs/nodejs-16.14.1.ebuild#L137
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-07 15:38:56 UTC
I guess we are with USE=-system-ssl.
Comment 3 Larry the Git Cow gentoo-dev 2024-05-08 11:16:51 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=88bffd0cf8491b108b57ac229b72f8b472c31ed1

commit 88bffd0cf8491b108b57ac229b72f8b472c31ed1
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-05-08 11:16:15 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-05-08 11:16:37 +0000

    [ GLSA 202405-29 ] Node.js: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/772422
    Bug: https://bugs.gentoo.org/781704
    Bug: https://bugs.gentoo.org/800986
    Bug: https://bugs.gentoo.org/805053
    Bug: https://bugs.gentoo.org/807775
    Bug: https://bugs.gentoo.org/811273
    Bug: https://bugs.gentoo.org/817938
    Bug: https://bugs.gentoo.org/831037
    Bug: https://bugs.gentoo.org/835615
    Bug: https://bugs.gentoo.org/857111
    Bug: https://bugs.gentoo.org/865627
    Bug: https://bugs.gentoo.org/872692
    Bug: https://bugs.gentoo.org/879617
    Bug: https://bugs.gentoo.org/918086
    Bug: https://bugs.gentoo.org/918614
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202405-29.xml | 121 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 121 insertions(+)