Summary: | <net-libs/nodejs-{14.21.3,16.19.1,18.14.2}: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Thomas Stein <himbeere> |
Component: | Current packages | Assignee: | Gentoo Security <security> |
Status: | CONFIRMED --- | ||
Severity: | minor | CC: | jstein, williamh |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/ | ||
Whiteboard: | B4 [glsa?] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 898962 | ||
Bug Blocks: |
Description
Thomas Stein
2023-02-20 13:10:04 UTC
From the 14.21.3, 16.19.1, 18.14.1 release notes: "* **[CVE-2023-23918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23918)**: Node.js Permissions policies can be bypassed via process.mainModule (High) * **[CVE-2023-23919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23919)**: Node.js OpenSSL error handling issues in nodejs crypto library (Medium) * **[CVE-2023-23920](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920)**: Node.js insecure loading of ICU data through ICU\_DATA environment variable (Low)" Please bump. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2f66798f01cf1e4b2bdd88d599d57c9da3d95c5 commit d2f66798f01cf1e4b2bdd88d599d57c9da3d95c5 Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2023-03-03 03:01:15 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2023-03-03 03:01:58 +0000 net-libs/nodejs: add 14.21.3, 16.19.1, 18.14.2 Bug: https://bugs.gentoo.org/895544 Signed-off-by: William Hubbs <williamh@gentoo.org> net-libs/nodejs/Manifest | 3 + net-libs/nodejs/nodejs-14.21.3.ebuild | 241 +++++++++++++++++++++++++++++++ net-libs/nodejs/nodejs-16.19.1.ebuild | 233 ++++++++++++++++++++++++++++++ net-libs/nodejs/nodejs-18.14.2.ebuild | 258 ++++++++++++++++++++++++++++++++++ 4 files changed, 735 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=48eaf5c117d7deca7847f781907a196ea180250f commit 48eaf5c117d7deca7847f781907a196ea180250f Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2023-03-05 20:52:26 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2023-03-05 20:53:36 +0000 net-libs/nodejs: drop 14.21.1, 16.18.1, 18.12.1 Bug: https://bugs.gentoo.org/895544 Signed-off-by: William Hubbs <williamh@gentoo.org> net-libs/nodejs/Manifest | 3 - net-libs/nodejs/nodejs-14.21.1.ebuild | 241 -------------------------------- net-libs/nodejs/nodejs-16.18.1.ebuild | 233 ------------------------------- net-libs/nodejs/nodejs-18.12.1.ebuild | 251 ---------------------------------- 4 files changed, 728 deletions(-) |