a240f9da85
Fixes the following security issues:
- CVE-2023-23918: Node.js Permissions policies can be bypassed via
process.mainModule (High)
- CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto
library (Medium)
- CVE-2023-23920: Node.js insecure loading of ICU data through ICU\_DATA
environment variable (Low)
- CVE-2023-23936: Fetch API in Node.js did not protect against CRLF
injection in host headers (Medium)
https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff
- CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js
fetch API (Low)
https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w
For more details, see the advisory:
https://nodejs.org/en/blog/vulnerability/february-2023-security-releases
Update LICENSE hash after an update of the openssl license snippet:
|
||
|---|---|---|
| .. | ||
| 0001-add-qemu-wrapper-support.patch | ||
| 0002-check-if-uclibc-has-backtrace-support.patch | ||
| 0003-include-obj-name-in-shared-intermediate.patch | ||
| 0004-lib-internal-modules-cjs-loader.js-adjust-default-pa.patch | ||
| Config.in | ||
| Config.in.host | ||
| nodejs.hash | ||
| nodejs.mk | ||
| v8-qemu-wrapper.in | ||