projects / feed / packages.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d0d67de) | patch
node: January 21, 2025 Security Releases
authorHirokazu MORIKAWA <morikw2@gmail.com>
Thu, 23 Jan 2025 05:27:18 +0000 (14:27 +0900)
committerTianling Shen <cnsztl@gmail.com>
Fri, 24 Jan 2025 07:55:15 +0000 (15:55 +0800)
commit643afd8977be40464ec2aed66972a754aa2585ac
tree5ca121730be8fe3959f850d1d40cbf774789b6catree | snapshot
parentd0d67ded93936657b232dae93eaf25924a7431fdcommit | diff
node: January 21, 2025 Security Releases

This is a security release.

Notable Changes

    CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
    CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
    CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)

Dependency update:

    CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
lang/node/Makefile diff | blob | history
lang/node/patches/003-path.patch diff | blob | history
lang/node/patches/200-uv_gyp.patch diff | blob | history
lang/node/patches/202-node_gyp.patch diff | blob | history
lang/node/patches/204-v8_gyp.patch diff | blob | history
lang/node/patches/999-fix_building_with_system_icu_76.patch [deleted file] blob | history
lang/node/patches/999-localhost-no-addrconfig.patch diff | blob | history
lang/node/patches/999-revert_enable_pointer_authentication_on_arm64.patch diff | blob | history
Mirror of packages feed