Hello Devs. Unfortunately another security bugfix release. https://nodejs.org/en/blog/vulnerability/mar-2022-security-releases/ Reproducible: Always
That's the OpenSSL vulnerability in bug 835343, and in NodeJS we don't use the bundled version, right? https://github.com/gentoo/gentoo/blob/master/net-libs/nodejs/nodejs-16.14.1.ebuild#L137
I guess we are with USE=-system-ssl.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=88bffd0cf8491b108b57ac229b72f8b472c31ed1 commit 88bffd0cf8491b108b57ac229b72f8b472c31ed1 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-05-08 11:16:15 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-05-08 11:16:37 +0000 [ GLSA 202405-29 ] Node.js: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/772422 Bug: https://bugs.gentoo.org/781704 Bug: https://bugs.gentoo.org/800986 Bug: https://bugs.gentoo.org/805053 Bug: https://bugs.gentoo.org/807775 Bug: https://bugs.gentoo.org/811273 Bug: https://bugs.gentoo.org/817938 Bug: https://bugs.gentoo.org/831037 Bug: https://bugs.gentoo.org/835615 Bug: https://bugs.gentoo.org/857111 Bug: https://bugs.gentoo.org/865627 Bug: https://bugs.gentoo.org/872692 Bug: https://bugs.gentoo.org/879617 Bug: https://bugs.gentoo.org/918086 Bug: https://bugs.gentoo.org/918614 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202405-29.xml | 121 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 121 insertions(+)