mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

nodejs: fix CVE-2022-25883

Browse Source 
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression
Denial of Service (ReDoS) via the function new Range, when untrusted user data is
provided as a range.

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-25883

Upstream patches:
https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Polampalli, Archana
2023-08-31 04:57:43 +00:00
committed by Armin Kuster
parent 71d9cabed7
commit d3ee870fb0
2 changed files with 263 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-devtools/nodejs/nodejs_16.20.2.bb
+1
View File
@@ -26,6 +26,7 @@ SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \
file://0001-liftoff-Correct-function-signatures.patch \
file://0001-mips-Use-32bit-cast-for-operand-on-mips32.patch \
file://0001-Nodejs-Fixed-pipes-DeprecationWarning.patch \
file://CVE-2022-25883.patch \
"
SRC_URI:append:class-target = " \
file://0001-Using-native-binaries.patch \