845261 – <net-libs/nodejs-{14.19.3,16.15.1,18.3.0}: Multiple vulnerabilities in bundled openssl

Bug 845261 - <net-libs/nodejs-{14.19.3,16.15.1,18.3.0}: Multiple vulnerabilities in bundled openssl

Summary: <net-libs/nodejs-{14.19.3,16.15.1,18.3.0}: Multiple vulnerabilities in bundle...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:	https://nodejs.org/en/blog/vulnerabil...
Whiteboard:	~3 [noglsa]
Keywords:

Depends on:	850649
Blocks:	CVE-2022-1292, CVE-2022-1473
	Show dependency tree

Reported:	2022-05-18 03:24 UTC by Sam James
Modified:	2022-06-15 14:57 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2022-05-18 03:24:28 UTC

Thanks! Fixed in 18.2.0 and friends.

Comment 1 Larry the Git Cow gentoo-dev

2022-06-03 18:44:06 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=23f4cffb98b5e0f3fdd35c93f4e3307de8fbb701

commit 23f4cffb98b5e0f3fdd35c93f4e3307de8fbb701
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2022-06-03 18:33:37 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2022-06-03 18:43:55 +0000

    net-libs/nodejs: add 14.19.3, 16.15.1, 18.3.0, sync live
    
    Closes: https://bugs.gentoo.org/848777
    Bug: https://bugs.gentoo.org/845261
    Closes: https://bugs.gentoo.org/843296
    Closes: https://github.com/gentoo/gentoo/pulls/25418
    Bug: https://bugs.gentoo.org/787158
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 net-libs/nodejs/Manifest               |   3 +
 net-libs/nodejs/nodejs-14.19.3.ebuild  | 227 +++++++++++++++++++++++++++++++++
 net-libs/nodejs/nodejs-16.15.1.ebuild  | 219 +++++++++++++++++++++++++++++++
 net-libs/nodejs/nodejs-18.3.0.ebuild   | 219 +++++++++++++++++++++++++++++++
 net-libs/nodejs/nodejs-99999999.ebuild |  13 +-
 5 files changed, 669 insertions(+), 12 deletions(-)

Comment 2 John Helmert III archtester

2022-06-04 15:46:08 UTC

According to URL, this is only affects 17.x and 18.x (which is unstable for us)? So please cleanup remaining affected versions.

Comment 3 Larry the Git Cow gentoo-dev

2022-06-08 19:43:31 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1edf8893d9b7b12c54b6545b9de48a226b9858fe

commit 1edf8893d9b7b12c54b6545b9de48a226b9858fe
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2022-06-08 19:42:33 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2022-06-08 19:43:03 +0000

    net-libs/nodejs: drop 18.1.0
    
    Bug: https://bugs.gentoo.org/845261
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 net-libs/nodejs/Manifest             |   1 -
 net-libs/nodejs/nodejs-18.1.0.ebuild | 230 -----------------------------------
 2 files changed, 231 deletions(-)

Comment 4 Larry the Git Cow gentoo-dev

2022-06-15 14:47:43 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=19cdd7edb2f19b1bf8814e2f53550cca266fd75e

commit 19cdd7edb2f19b1bf8814e2f53550cca266fd75e
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2022-06-15 14:46:12 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2022-06-15 14:46:38 +0000

    net-libs/nodejs: drop 14.19.0, 16.14.2
    
    Bug: https://bugs.gentoo.org/845261
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 net-libs/nodejs/Manifest              |   2 -
 net-libs/nodejs/nodejs-14.19.0.ebuild | 241 ----------------------------------
 net-libs/nodejs/nodejs-16.14.2.ebuild | 230 --------------------------------
 3 files changed, 473 deletions(-)

Comment 5 John Helmert III archtester

2022-06-15 14:57:19 UTC

Thanks, all done!