Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP2
patchinfo.22015
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.22015
<patchinfo incident="22015"> <issue tracker="bnc" id="1190054">VUL-0: CVE-2021-39134: nodejs4,nodejs6,nodejs8,nodejs14,nodejs12,nodejs10: nodejs-arborist: symlink following vulnerability</issue> <issue tracker="bnc" id="1190056">VUL-0: CVE-2021-37712: nodejs4,nodejs12,nodejs8,nodejs10,nodejs14,nodejs6: nodejs-tar - insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite</issue> <issue tracker="bnc" id="1190055">VUL-0: CVE-2021-37713: nodejs12,nodejs6,nodejs8,nodejs14,nodejs10,nodejs4: The npm package "tar" (aka node-tar) has an arbitrary file creation/overwrite and arbitrary code execution vulnerability</issue> <issue tracker="bnc" id="1191602">VUL-0: CVE-2021-22960: nodejs10,nodejs12,nodejs14,nodejs16,nodejs: HTTP Request Smuggling when parsing the body</issue> <issue tracker="bnc" id="1190057">VUL-0: CVE-2021-37701: nodejs4,nodejs12,nodejs8,nodejs10,nodejs14,nodejs6: nodejs-tar - insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite</issue> <issue tracker="bnc" id="1190053">VUL-0: CVE-2021-39135: nodejs6,nodejs8,nodejs4,nodejs10,nodejs14,nodejs12: nodejs-arborist - symlink following vulnerability</issue> <issue tracker="bnc" id="1191601">VUL-0: CVE-2021-22959: nodejs10,nodejs12,nodejs14,nodejs16,nodejs: HTTP Request Smuggling due to spaced in headers</issue> <issue tracker="cve" id="2021-37713"/> <issue tracker="cve" id="2021-39135"/> <issue tracker="cve" id="2021-37712"/> <issue tracker="cve" id="2021-39134"/> <issue tracker="cve" id="2021-22960"/> <issue tracker="cve" id="2021-22959"/> <issue tracker="cve" id="2021-37701"/> <packager>adamm</packager> <rating>important</rating> <category>security</category> <summary>Security update for nodejs14</summary> <description>This update for nodejs14 fixes the following issues: nodejs14 was updated to 14.18.1: * deps: update llhttp to 2.1.4 - HTTP Request Smuggling due to spaced in headers (bsc#1191601, CVE-2021-22959) - HTTP Request Smuggling when parsing the body (bsc#1191602, CVE-2021-22960) Changes in 14.18.0: * buffer: + introduce Blob + add base64url encoding option * child_process: + allow options.cwd receive a URL + add timeout to spawn and fork + allow promisified exec to be cancel + add 'overlapped' stdio flag * dns: add "tries" option to Resolve options * fs: + allow empty string for temp directory prefix + allow no-params fsPromises fileHandle read + add support for async iterators to fsPromises.writeFile * http2: add support for sensitive headers * process: add 'worker' event * tls: allow reading data into a static buffer * worker: add setEnvironmentData/getEnvironmentData Changes in 14.17.6 * deps: upgrade npm to 6.14.15 which fixes a number of security issues (bsc#1190057, CVE-2021-37701, bsc#1190056, CVE-2021-37712, bsc#1190055, CVE-2021-37713, bsc#1190054, CVE-2021-39134, bsc#1190053, CVE-2021-39135) </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor