Four vulnerabilities published yesterday: Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531) Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532) Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533) Prototype pollution via console.table properties (Low)(CVE-2022-21824) Seems fixed versions are 12.22.9, 14.18.3, 16.13.2, 17.3.1.
*** Bug 831351 has been marked as a duplicate of this bug. ***
May I ask what prevents us from updating the nodejs ebuilds? Seems this bug ist marked of a bug which is in turn marked as a bug of this on.
I meant duplicate of course. :)
(In reply to Thomas Stein from comment #2) > May I ask what prevents us from updating the nodejs ebuilds? Seems this bug > ist marked of a bug which is in turn marked as a bug of this on. Presumably just maintainer time. NodeJS is somewhat notorious for requiring lots of maintenance time. That said: ping, William.
I'll work on these bumps today.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b6286012b3486b92a400cd116512f807a9b20dcb commit b6286012b3486b92a400cd116512f807a9b20dcb Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2022-03-17 21:39:19 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2022-03-17 21:39:19 +0000 net-libs/nodejs: add 12.22.10 Bug: https://bugs.gentoo.org/831037 Signed-off-by: William Hubbs <williamh@gentoo.org> net-libs/nodejs/Manifest | 1 + .../files/nodejs-12.22.10-global-npm-config.patch | 20 ++ net-libs/nodejs/nodejs-12.22.10.ebuild | 249 +++++++++++++++++++++ 3 files changed, 270 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4d409d22398cb3d4937d00663d3fdaed05f19763 commit 4d409d22398cb3d4937d00663d3fdaed05f19763 Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2022-03-17 21:39:18 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2022-03-17 21:39:18 +0000 net-libs/nodejs: add 14.19.0 Bug: https://bugs.gentoo.org/831037 Signed-off-by: William Hubbs <williamh@gentoo.org> net-libs/nodejs/Manifest | 1 + .../files/nodejs-14.19.0-global-npm-config.patch | 20 ++ net-libs/nodejs/nodejs-14.19.0.ebuild | 241 +++++++++++++++++++++ 3 files changed, 262 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a9ef8e6d6d46839f8801ccbf71da5e1229eb0c3d commit a9ef8e6d6d46839f8801ccbf71da5e1229eb0c3d Author: William Hubbs <williamh@gentoo.org> AuthorDate: 2022-03-17 21:39:18 +0000 Commit: William Hubbs <williamh@gentoo.org> CommitDate: 2022-03-17 21:39:18 +0000 net-libs/nodejs: add 16.14.1 Bug: https://bugs.gentoo.org/831037 Signed-off-by: William Hubbs <williamh@gentoo.org> net-libs/nodejs/Manifest | 1 + net-libs/nodejs/nodejs-16.14.1.ebuild | 230 ++++++++++++++++++++++++++++++++++ 2 files changed, 231 insertions(+)
Thanks! Please stabilize fixed 12.x and 14.x versions.
Please cleanup