Opened 3 months ago

Closed 3 months ago

Last modified 3 months ago

#15488 closed enhancement (fixed)

node.js-14.17.6

Reported by: Bruce Dubbs Owned by: Douglas R. Reno
Priority: elevated Milestone: 11.1
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (6)

comment:1 by Douglas R. Reno, 3 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:2 by ken@…, 3 months ago

For the moment, it looks as if the sed is still needed for building with system c-ares. The issue https://github.com/nodejs/node/pull/39739 was closed because upstream node thought the header from c-ares should be promoted to an interface and made public. That has apparently been done in c-ares https://github.com/c-ares/c-ares/pull/417 but there is not yet any new c-ares release.

comment:3 by Douglas R. Reno, 3 months ago

Priority: normalelevated
2021-08-31, Version 14.17.6 'Fermium' (LTS), @MylesBorins

This is a security release.
Notable Changes

These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVE being remediated in core npm CLI dependencies including node-tar, and npm arborist.

You can read more about it in:

    CVE-2021-37701
    CVE-2021-37712
    CVE-2021-37713
    CVE-2021-39134
    CVE-2021-39135

Commits

    [5b3f70bfb5] - deps: update archs files for OpenSSL-1.1.1l (Richard Lau) #39868
    [71372625ae] - deps: upgrade openssl sources to 1.1.1l (Richard Lau) #39868
    [4276984803] - deps: upgrade npm to 6.14.15 (Darcy Clarke) #39856

comment:4 by Douglas R. Reno, 3 months ago

Resolution: fixed
Status: assignedclosed

comment:5 by Douglas R. Reno, 3 months ago

I'll file an SA after I get up tomorrow.

comment:6 by Douglas R. Reno, 3 months ago

SA filed (11.0-001)

Note: See TracTickets for help on using tickets.