5d6308d543
Fixes the following security issues: - CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High) - CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium) - CVE-2023-23920: Node.js insecure loading of ICU data through ICU\_DATA environment variable (Low) - CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium) https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff - CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low) https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w For more details, see the advisory: https://nodejs.org/en/blog/vulnerability/february-2023-security-releases Update LICENSE hash after an update of the openssl license snippet: |
||
|---|---|---|
| .. | ||
| 0001-add-qemu-wrapper-support.patch | ||
| 0002-check-if-uclibc-has-backtrace-support.patch | ||
| 0003-include-obj-name-in-shared-intermediate.patch | ||
| 0004-lib-internal-modules-cjs-loader.js-adjust-default-pa.patch | ||
| Config.in | ||
| Config.in.host | ||
| nodejs.hash | ||
| nodejs.mk | ||
| v8-qemu-wrapper.in | ||