Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 835615

Summary: <net-libs/nodejs-{14.19.3,16.14.2}: multiple vulnerabilities
Product: Gentoo Security Reporter: Thomas Stein <himbeere>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: minor CC: jstein, williamh
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://nodejs.org/en/blog/vulnerability/mar-2022-security-releases/
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 882525    

Description Thomas Stein 2022-03-19 08:17:55 UTC 
Hello Devs.

Unfortunately another security bugfix release.
https://nodejs.org/en/blog/vulnerability/mar-2022-security-releases/

Reproducible: Always
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-19 18:13:47 UTC 
That's the OpenSSL vulnerability in bug 835343, and in NodeJS we don't use the bundled version, right?

https://github.com/gentoo/gentoo/blob/master/net-libs/nodejs/nodejs-16.14.1.ebuild#L137
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-07 15:38:56 UTC 
I guess we are with USE=-system-ssl.