Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 835615 - <net-libs/nodejs-{14.19.3,16.14.2}: multiple vulnerabilities
Summary: <net-libs/nodejs-{14.19.3,16.14.2}: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL: https://nodejs.org/en/blog/vulnerabil...
Whiteboard: B3 [glsa+]
Keywords:
Depends on:
Blocks: CVE-2022-0778
  Show dependency tree
 
Reported: 2022-03-19 08:17 UTC by Thomas Stein
Modified: 2024-05-08 11:20 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Stein 2022-03-19 08:17:55 UTC
Hello Devs.

Unfortunately another security bugfix release.
https://nodejs.org/en/blog/vulnerability/mar-2022-security-releases/

Reproducible: Always
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-19 18:13:47 UTC
That's the OpenSSL vulnerability in bug 835343, and in NodeJS we don't use the bundled version, right?

https://github.com/gentoo/gentoo/blob/master/net-libs/nodejs/nodejs-16.14.1.ebuild#L137
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-07 15:38:56 UTC
I guess we are with USE=-system-ssl.
Comment 3 Larry the Git Cow gentoo-dev 2024-05-08 11:16:51 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=88bffd0cf8491b108b57ac229b72f8b472c31ed1

commit 88bffd0cf8491b108b57ac229b72f8b472c31ed1
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-05-08 11:16:15 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-05-08 11:16:37 +0000

    [ GLSA 202405-29 ] Node.js: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/772422
    Bug: https://bugs.gentoo.org/781704
    Bug: https://bugs.gentoo.org/800986
    Bug: https://bugs.gentoo.org/805053
    Bug: https://bugs.gentoo.org/807775
    Bug: https://bugs.gentoo.org/811273
    Bug: https://bugs.gentoo.org/817938
    Bug: https://bugs.gentoo.org/831037
    Bug: https://bugs.gentoo.org/835615
    Bug: https://bugs.gentoo.org/857111
    Bug: https://bugs.gentoo.org/865627
    Bug: https://bugs.gentoo.org/872692
    Bug: https://bugs.gentoo.org/879617
    Bug: https://bugs.gentoo.org/918086
    Bug: https://bugs.gentoo.org/918614
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202405-29.xml | 121 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 121 insertions(+)