835615 – <net-libs/nodejs-{14.19.3,16.14.2}: multiple vulnerabilities

Bug 835615 - <net-libs/nodejs-{14.19.3,16.14.2}: multiple vulnerabilities

Summary: <net-libs/nodejs-{14.19.3,16.14.2}: multiple vulnerabilities

Status:	IN_PROGRESS

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://nodejs.org/en/blog/vulnerabil...
Whiteboard:	B3 [glsa]
Keywords:

Depends on:
Blocks:	CVE-2022-0778
	Show dependency tree

Reported:	2022-03-19 08:17 UTC by Thomas Stein
Modified:	2023-12-24 10:15 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Stein 2022-03-19 08:17:55 UTC

Hello Devs.

Unfortunately another security bugfix release.
https://nodejs.org/en/blog/vulnerability/mar-2022-security-releases/

Reproducible: Always

Comment 1 John Helmert III archtester

2022-03-19 18:13:47 UTC

That's the OpenSSL vulnerability in bug 835343, and in NodeJS we don't use the bundled version, right?

https://github.com/gentoo/gentoo/blob/master/net-libs/nodejs/nodejs-16.14.1.ebuild#L137

Comment 2 John Helmert III archtester

2022-11-07 15:38:56 UTC

I guess we are with USE=-system-ssl.