NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8a26801c9f
kumquat-buildroot/package/nodejs/nodejs.hash
Peter Korsgaard b6d64d7fa4 package/nodejs: security bump to version 12.18.4 
Fixes the following security issues:

- CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion

  Affected Node.js versions converted carriage returns in HTTP request
  headers to a hyphen before parsing.  This can lead to HTTP Request
  Smuggling as it is a non-standard interpretation of the header.

  Impacts:
    All versions of the 14.x and 12.x releases line

- CVE-2020-8252: fs.realpath.native may cause buffer overflow

  libuv's realpath implementation incorrectly determined the buffer size
  which can result in a buffer overflow if the resolved path is longer than
  256 bytes.

  Impacts:
    All versions of the 10.x release line
    All versions of the 12.x release line

For more details, see the advisory:
https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/

Adjust license hash for the addition of the BSD-3c licensed highlight.js:
6f8b7a85d2

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-10-01 21:22:35 +02:00

6 lines
257 B
Plaintext
Raw Blame History

# From https://nodejs.org/dist/v12.18.4/SHASUMS256.txt
sha256 25f03cb18e53b6d0959d0c219e701a85eb4693f526bdda7c72bc6199b364f609 node-v12.18.4.tar.xz
# Hash for license file
sha256 0dc03af08b95ea0c1e27f8fd591dee4383eb6f2c304db6eb6cdfb6751f7da87b LICENSE
Reference in New Issue View Git Blame Copy Permalink