projects / feed / packages.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7ed86d2) | patch
node: Friday October 13 2023 Security Releases
authorHirokazu MORIKAWA <morikw2@gmail.com>
Tue, 17 Oct 2023 00:26:24 +0000 (09:26 +0900)
committerJosef Schlehofer <pepe.schlehofer@gmail.com>
Tue, 17 Oct 2023 16:14:09 +0000 (18:14 +0200)
commit9101a21e535d2247b3fb85e0660f7bb0dd4a4290
tree395b6b3dd055ad226d241364698b947649017660tree | snapshot
parent7ed86d2eb7a58a6ed938b08fcacb4461a2876631commit | diff
node: Friday October 13 2023 Security Releases

This is a security release.
Notable Changes
The following CVEs are fixed in this release:
* CVE-2023-44487: nghttp2 Security Release (High) (Depends on shared library provided by OpenWrt)
* CVE-2023-45143: undici Security Release (High)
* CVE-2023-38552: Integrity checks according to policies can be circumvented (Medium)
* CVE-2023-39333: Code injection via WebAssembly export names (Low)
More detailed information on each of the vulnerabilities can be found in October 2023 Security Releases blog post.

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
lang/node/Makefile diff | blob | history
Mirror of packages feed