NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
914ef9cec2
kumquat-buildroot/package/nodejs/nodejs.hash
Peter Korsgaard 58ba17c784 package/nodejs: security bump to version 16.18.1 
Fixes the following security issue:

DNS rebinding in --inspect via invalid octal IP address (Medium) (CVE-2022-43548)

The Node.js rebinding protector for --inspect still allows invalid IP
address, specifically, the octal format.  An example of an octal IP address
is 1.09.0.0, the 09 octet is invalid because 9 is not a number in the base 8
number system.  Browsers such as Firefox (tested on latest version m105)
will still attempt to resolve this invalid octal address via DNS.  When
combined with an active --inspect session, such as when using VSCode, an
attacker can perform DNS rebinding and execute arbitrary code

Update license hash for an update of base64 (MIT license) and a change in
copyright year:

8ea9a71b15
9f14dc1a8f

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2022-11-20 10:01:14 +01:00

6 lines
257 B
Plaintext
Raw Blame History

# From https://nodejs.org/dist/v16.18.1/SHASUMS256.txt
sha256 1f8051a88f86f42064f4415fe7a980e59b0a502ecc8def583f6303bc4d445238 node-v16.18.1.tar.xz
# Hash for license file
sha256 0bec08634ba79b5404f6b7f92ea850f3c2a06e27e6f83f2267e4f5e55ae33334 LICENSE
Reference in New Issue View Git Blame Copy Permalink