NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
efef1974c5
kumquat-buildroot/package/nodejs/nodejs.hash
Peter Korsgaard e3bdcdd596 package/nodejs: security bump to version 12.22.6 
Fixes the following security issues:

- CVE-2021-37701: Arbitrary File Creation/Overwrite via insufficient symlink
  protection due to directory cache poisoning using symbolic links

- CVE-2021-37712: Arbitrary File Creation/Overwrite via insufficient symlink
  protection due to directory cache poisoning using symbolic links

- CVE-2021-37713: Arbitrary File Creation/Overwrite on Windows via
  insufficient relative path sanitization

- CVE-2021-39134: UNIX Symbolic Link (Symlink) Following in @npmcli/arborist

- CVE-2021-39135: UNIX Symbolic Link (Symlink) Following in @npmcli/arborist

For more details, see the advisory:
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-09-18 19:42:46 +02:00

6 lines
257 B
Plaintext
Raw Blame History

# From https://nodejs.org/dist/v12.22.6/SHASUMS256.txt
sha256 c2022f16b8f689620c3472c2b5261fdabbd0ab976bf9ac3b7db6747a2e9b0f7a node-v12.22.6.tar.xz
# Hash for license file
sha256 221417a7ca275112a5ac54639b36ee3c5184e74631ea1e1b01b701293b655190 LICENSE
Reference in New Issue View Git Blame Copy Permalink