FreeBSD Bugzilla – Attachment 236802 Details for Bug 266593: www/node14: Update to 14.20.1
[patch] Update to 14.20.1
0001-security-vuxml-Add-nodejs-September-22nd-2022-Securi.patch (text/plain), 3.65 KB, created by Derek Schrock on 2022-09-25 08:10:14 UTC
>From e37840e67ba420a0d551f3607da3c59fc42b7af3 Mon Sep 17 00:00:00 2001 >From: Derek Schrock <dereks@lifeofadishwasher.com> >Date: Sun, 25 Sep 2022 03:24:10 -0400 >Subject: [PATCH] security/vuxml: Add nodejs September 22nd 2022 Security > Releases > >https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/ >--- > security/vuxml/vuln-2022.xml | 60 ++++++++++++++++++++++++++++++++++++ > 1 file changed, 60 insertions(+) > >diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml >index 0f87f6dda2..5c95c0f48c 100644 >--- a/security/vuxml/vuln-2022.xml >+++ b/security/vuxml/vuln-2022.xml 
>@@ -1,3 +1,63 @@ >+ <vuln vid="895895a6-c56b-4a4e-836b-3777e7b1e7f5"> >+ <topic>nodejs -- September 22nd 2022 Security Releases</topic> >+ <affects> >+ <package> >+ <name>node18</name> >+ <range><lt>18.9.1</lt></range> >+ </package> >+ <package> >+ <name>node16</name> >+ <range><lt>16.17.1</lt></range> >+ </package> >+ <package> >+ <name>node14</name> >+ <range><lt>14.20.1</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>nodejs project reports:</p> >+ <blockquote cite="https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#2022-09-23-version-1891-current-rafaelgss"> >+ <h4>node18</h4> >+ <p>CVE-2022-32212: DNS rebinding in --inspect on macOS (High)</p> >+ <p>CVE-2022-32222: Node 18 reads openssl.cnf from /home/iojs/build/ upon startup on MacOS (Medium)</p> >+ <p>CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)</p> >+ <p>CVE-2022-32215: HTTP Request Smuggling - Incorrect Parsing of Multi-line Transfer-Encoding (Medium)</p> >+ <p>CVE-2022-35255: Weak randomness in WebCrypto keygen</p> >+ <p>CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)</p> >+ </blockquote> >+ <blockquote cite="https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V16.md#2022-09-23-version-16171-gallium-lts-ruyadorno"> >+ <h4>node16</h4> >+ <p>CVE-2022-32212: DNS rebinding in --inspect on macOS (High)</p> >+ <p>CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding (Medium)</p> >+ <p>CVE-2022-35255: Weak randomness in WebCrypto keygen</p> >+ <p>CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)</p> >+ </blockquote> >+ <blockquote cite="https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V14.md#14.20.1"> >+ <h4>node14</h4> >+ <p>CVE-2022-32212: DNS rebinding in --inspect on macOS (High)</p> >+ <p>CVE-2022-32213: HTTP Request Smuggling - Flawed Parsing of 
Transfer-Encoding (Medium)</p> >+ <p>CVE-2022-35256: HTTP Request Smuggling - Incorrect Parsing of Header Fields (Medium)</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2022-32212</cvename> >+ <cvename>CVE-2022-32222</cvename> >+ <cvename>CVE-2022-32213</cvename> >+ <cvename>CVE-2022-32215</cvename> >+ <cvename>CVE-2022-32255</cvename> >+ <cvename>CVE-2022-32256</cvename> >+ <url>https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#2022-09-23-version-1891-current-rafaelgss</url> >+ <url>https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V16.md#2022-09-23-version-16171-gallium-lts-ruyadorno</url> >+ <url>https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V14.md#14.20.1</url> >+ </references> >+ <dates> >+ <discovery>2022-09-23</discovery> >+ <entry>2022-09-25</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="f1f637d1-39eb-11ed-ab44-080027f5fec9"> > <topic>redis -- Potential remote code execution vulnerability</topic> > <affects> >-- >2.37.3 >
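Review bot: the last two cvename entries in the references block, CVE-2022-32255 and CVE-2022-32256, do not match the identifiers used in the description of the same entry, which names CVE-2022-35255 (Weak randomness in WebCrypto keygen) and CVE-2022-35256 (HTTP Request Smuggling - Incorrect Parsing of Header Fields). As written, the entry will not be found by anyone searching VuXML for the two 35xxx identifiers, and it points at two CVE numbers the description never mentions. Change the two cvename values to CVE-2022-35255 and CVE-2022-35256 so the references agree with the body. Two smaller points in the same hunk: the topic and commit subject say "September 22nd 2022" while the discovery date is 2022-09-23 and the cited changelog anchors are dated 2022-09-23, so one of the two should be aligned with the other; and the CVE-2022-35255 lines under node18 and node16 carry no severity while every other line does, which is worth a quick check against the cited changelogs.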