meta-openembedded

mirrors/meta-openembedded

Fork 0

mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-13 17:39:57 +00:00

Commit Graph

Author	SHA1	Message	Date
Polampalli, Archana	d3ee870fb0	nodejs: fix CVE-2022-25883 Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. References: https://nvd.nist.gov/vuln/detail/CVE-2022-25883 Upstream patches: https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441 Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>	2023-09-04 11:59:59 -04:00
Polampalli, Archana	529620141e	nodejs: upgrade 16.20.1 -> 16.20.2 This release contains bug fixes only. The following CVEs have been addressed: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559 $ git log --oneline v16.20.1..v16.20.2 dadbde963f (tag: v16.20.2) 2023-08-09, Version 16.20.2 'Gallium' (LTS) d8ccfe9ad4 policy: handle Module.constructor and main.extensions bypass 242aaa0caa policy: disable process.binding() when enabled 40c3958a5a deps: update archs files for OpenSSL-1.1.1v a9ac9da89a deps: fix openssl crypto clean 362d4c7494 deps: upgrade openssl sources to OpenSSL_1_1_1v 7447de2794 Working on v16.20.2 https://github.com/nodejs/node/releases/tag/v16.20.2 Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>	2023-08-11 10:32:04 -04:00

Author

SHA1

Message

Date

Polampalli, Archana

d3ee870fb0

nodejs: fix CVE-2022-25883

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression
Denial of Service (ReDoS) via the function new Range, when untrusted user data is
provided as a range.

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-25883

Upstream patches:
https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

2023-09-04 11:59:59 -04:00

Polampalli, Archana

529620141e

nodejs: upgrade 16.20.1 -> 16.20.2

This release contains bug fixes only.
The following CVEs have been addressed:

CVE-2023-32002
CVE-2023-32006
CVE-2023-32559

$ git log --oneline v16.20.1..v16.20.2
dadbde963f (tag: v16.20.2) 2023-08-09, Version 16.20.2 'Gallium' (LTS)
d8ccfe9ad4 policy: handle Module.constructor and main.extensions bypass
242aaa0caa policy: disable process.binding() when enabled
40c3958a5a  deps: update archs files for OpenSSL-1.1.1v
a9ac9da89a deps: fix openssl crypto clean
362d4c7494 deps: upgrade openssl sources to OpenSSL_1_1_1v
7447de2794 Working on v16.20.2

https://github.com/nodejs/node/releases/tag/v16.20.2

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

2023-08-11 10:32:04 -04:00

2 Commits