Summary: | <net-libs/nodejs-{14.19.3,16.14.2}: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Stein <himbeere> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | jstein, williamh |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://nodejs.org/en/blog/vulnerability/mar-2022-security-releases/ | ||
Whiteboard: | B3 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 882525 |
Description
Thomas Stein
2022-03-19 08:17:55 UTC
That's the OpenSSL vulnerability in bug 835343, and in NodeJS we don't use the bundled version, right? https://github.com/gentoo/gentoo/blob/master/net-libs/nodejs/nodejs-16.14.1.ebuild#L137 I guess we are with USE=-system-ssl. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=88bffd0cf8491b108b57ac229b72f8b472c31ed1 commit 88bffd0cf8491b108b57ac229b72f8b472c31ed1 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-05-08 11:16:15 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-05-08 11:16:37 +0000 [ GLSA 202405-29 ] Node.js: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/772422 Bug: https://bugs.gentoo.org/781704 Bug: https://bugs.gentoo.org/800986 Bug: https://bugs.gentoo.org/805053 Bug: https://bugs.gentoo.org/807775 Bug: https://bugs.gentoo.org/811273 Bug: https://bugs.gentoo.org/817938 Bug: https://bugs.gentoo.org/831037 Bug: https://bugs.gentoo.org/835615 Bug: https://bugs.gentoo.org/857111 Bug: https://bugs.gentoo.org/865627 Bug: https://bugs.gentoo.org/872692 Bug: https://bugs.gentoo.org/879617 Bug: https://bugs.gentoo.org/918086 Bug: https://bugs.gentoo.org/918614 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202405-29.xml | 121 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 121 insertions(+) |