Context Navigation

← Previous Ticket
Next Ticket →

Opened 5 years ago

Closed 5 years ago

#14040 closed enhancement (fixed)

node.js-12.18.4 (Security issues)

Reported by:	Bruce Dubbs	Owned by:	Bruce Dubbs
Priority:	high	Milestone:	10.1
Component:	BOOK	Version:	SVN
Severity:	normal	Keywords:
Cc:

Description ¶

New point version.

Change History (3)

comment:1 by Bruce Dubbs, 5 years ago

Owner:	changed from blfs-book to Bruce Dubbs
Status:	new → assigned

comment:2 by Bruce Dubbs, 5 years ago

Priority:	normal → high
Summary:	node.js-12.18.4 → node.js-12.18.4 (Security issues)

Notable Changes

This is a security release.

Vulnerabilities fixed:

CVE-2020-8201: HTTP Request Smuggling due to CR-to-Hyphen conversion (High).
CVE-2020-8252: fs.realpath.native on may cause buffer overflow (Medium).

Commits

[2ea6d255f8] - deps: libuv: cherry-pick 0e6e8620
[65415049af] - deps: update llhttp to 2.1.2
[edad52e243] - test: modify tests to support the latest llhttp

comment:3 by Bruce Dubbs, 5 years ago

Resolution:	→ fixed
Status:	assigned → closed

Fixed at version 23724.

Note: See TracTickets for help on using tickets.

Download in other formats: