NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
38370aa2f9
kumquat-buildroot/package/nodejs/nodejs.hash
Peter Korsgaard a240f9da85 package/nodejs: security bump to version 16.20.0 
Fixes the following security issues:

- CVE-2023-23918: Node.js Permissions policies can be bypassed via
  process.mainModule (High)

- CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto
  library (Medium)

- CVE-2023-23920: Node.js insecure loading of ICU data through ICU\_DATA
  environment variable (Low)

- CVE-2023-23936: Fetch API in Node.js did not protect against CRLF
  injection in host headers (Medium)
  https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff

- CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js
  fetch API (Low)
  https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w

For more details, see the advisory:
https://nodejs.org/en/blog/vulnerability/february-2023-security-releases

Update LICENSE hash after an update of the openssl license snippet:
e7ed56f501

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-06-19 21:36:41 +02:00

6 lines
257 B
Plaintext
Raw Blame History

# From https://nodejs.org/dist/v16.20.0/SHASUMS256.txt
sha256 e0990f992234e40a51fe11f92c3816c93a77e1b081145d3dd762cd1026345349 node-v16.20.0.tar.xz
# Hash for license file
sha256 ba325815d3df8819bebaf37cad67d6e1f82271e1e4a1189b53abd28e261977d6 LICENSE
Reference in New Issue View Git Blame Copy Permalink