git.openwrt.org Git - feed/packages.git/commit

author	Hirokazu MORIKAWA <morikw2@gmail.com>
	Wed, 21 Jun 2023 02:27:48 +0000 (11:27 +0900)
committer	Hirokazu MORIKAWA <morikw2@gmail.com>
	Wed, 21 Jun 2023 02:27:48 +0000 (11:27 +0900)
commit	286d1d11ae451e9e90897aacd7ae20ec76e2cab5
tree	a08ef69e6c1e7e1c4a067dedc039303b6acceeac	tree \| snapshot
parent	9536d28384d0d924e8b03ce42dbc2d61ce4174d0	commit \| diff

node: June 20 2023 Security Releases

Update to v18.16.1

The following CVEs are fixed in this release:
* CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
* CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
* CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
* CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
* CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
* OpenSSL Security Releases (Depends on shared library provided by OpenWrt)
    * OpenSSL security advisory 28th March.
    * OpenSSL security advisory 20th April.
    * OpenSSL security advisory 30th May
* c-ares vulnerabilities: (Depends on shared library provided by OpenWrt)
    * GHSA-9g78-jv2r-p7vc
    * GHSA-8r8p-23f3-64c2
    * GHSA-54xr-f67r-4pc4
    * GHSA-x6mf-cxr9-8q6v

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>

lang/node/Makefile		diff \| blob \| history
lang/node/patches/003-path.patch		diff \| blob \| history