Four vulnerabilities published yesterday:

Improper handling of URI Subject Alternative Names (Medium) (CVE-2021-44531)
Certificate Verification Bypass via String Injection (Medium) (CVE-2021-44532)
Incorrect handling of certificate subject and issuer fields (Medium) (CVE-2021-44533)
Prototype pollution via console.table properties (Low) (CVE-2022-21824)

Seems fixed versions are 12.22.9, 14.18.3, 16.13.2, 17.3.1.
*** Bug 831351 has been marked as a duplicate of this bug. ***
May I ask what prevents us from updating the nodejs ebuilds? Seems this bug is marked of a bug which is in turn marked as a bug of this one.
I meant duplicate of course. :)
(In reply to Thomas Stein from comment #2)
> May I ask what prevents us from updating the nodejs ebuilds? Seems this bug
> is marked of a bug which is in turn marked as a bug of this one.

Presumably just maintainer time. NodeJS is somewhat notorious for requiring lots of maintenance time.

That said: ping, William.
I'll work on these bumps today.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b6286012b3486b92a400cd116512f807a9b20dcb

commit b6286012b3486b92a400cd116512f807a9b20dcb
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2022-03-17 21:39:19 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2022-03-17 21:39:19 +0000

    net-libs/nodejs: add 12.22.10

    Bug: https://bugs.gentoo.org/831037
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 net-libs/nodejs/Manifest | 1 +
 .../files/nodejs-12.22.10-global-npm-config.patch | 20 ++
 net-libs/nodejs/nodejs-12.22.10.ebuild | 249 +++++++++++++++++++++
 3 files changed, 270 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4d409d22398cb3d4937d00663d3fdaed05f19763

commit 4d409d22398cb3d4937d00663d3fdaed05f19763
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2022-03-17 21:39:18 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2022-03-17 21:39:18 +0000

    net-libs/nodejs: add 14.19.0

    Bug: https://bugs.gentoo.org/831037
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 net-libs/nodejs/Manifest | 1 +
 .../files/nodejs-14.19.0-global-npm-config.patch | 20 ++
 net-libs/nodejs/nodejs-14.19.0.ebuild | 241 +++++++++++++++++++++
 3 files changed, 262 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a9ef8e6d6d46839f8801ccbf71da5e1229eb0c3d

commit a9ef8e6d6d46839f8801ccbf71da5e1229eb0c3d
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2022-03-17 21:39:18 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2022-03-17 21:39:18 +0000

    net-libs/nodejs: add 16.14.1

    Bug: https://bugs.gentoo.org/831037
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 net-libs/nodejs/Manifest | 1 +
 net-libs/nodejs/nodejs-16.14.1.ebuild | 230 ++++++++++++++++++++++++++++++++++
 2 files changed, 231 insertions(+)
Thanks! Please stabilize fixed 12.x and 14.x versions.
Please clean up.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=88bffd0cf8491b108b57ac229b72f8b472c31ed1

commit 88bffd0cf8491b108b57ac229b72f8b472c31ed1
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-05-08 11:16:15 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-05-08 11:16:37 +0000

    [ GLSA 202405-29 ] Node.js: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/772422
    Bug: https://bugs.gentoo.org/781704
    Bug: https://bugs.gentoo.org/800986
    Bug: https://bugs.gentoo.org/805053
    Bug: https://bugs.gentoo.org/807775
    Bug: https://bugs.gentoo.org/811273
    Bug: https://bugs.gentoo.org/817938
    Bug: https://bugs.gentoo.org/831037
    Bug: https://bugs.gentoo.org/835615
    Bug: https://bugs.gentoo.org/857111
    Bug: https://bugs.gentoo.org/865627
    Bug: https://bugs.gentoo.org/872692
    Bug: https://bugs.gentoo.org/879617
    Bug: https://bugs.gentoo.org/918086
    Bug: https://bugs.gentoo.org/918614
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202405-29.xml | 121 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 121 insertions(+)