projects / feed / packages.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 774d1a4) | patch
node: August 2023 Security Releases
authorHirokazu MORIKAWA <morikw2@gmail.com>
Thu, 10 Aug 2023 05:21:46 +0000 (14:21 +0900)
committerHannu Nyman <hannu.nyman@iki.fi>
Thu, 10 Aug 2023 17:03:26 +0000 (20:03 +0300)
commit4b93f12b43dcd88aa848e06a291971dd7f8288a2
tree87ce61f11968aa4c81417ead242a3e811e93570dtree | snapshot
parent774d1a476081c110a61954ed1651ffbee22dba7ccommit | diff
node: August 2023 Security Releases

Update to v18.17.1
This is a security release.

Notable Changes
The following CVEs are fixed in this release:
* CVE-2023-32002: Policies can be bypassed via Module._load (High)
* CVE-2023-32006: Policies can be bypassed by module.constructor.createRequire (Medium)
* CVE-2023-32559: Policies can be bypassed via process.binding (Medium)
* OpenSSL Security Releases  (Depends on shared library provided by OpenWrt)
    * OpenSSL security advisory 14th July.
    * OpenSSL security advisory 19th July.
    * OpenSSL security advisory 31st July

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
(cherry picked from commit 153f0b3d83dcbab5e05f7c1b38067071e96a30aa)
lang/node/Makefile diff | blob | history
Mirror of packages feed