Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#15488 closed enhancement (fixed)


Reported by: Bruce Dubbs Owned by: Douglas R. Reno
Priority: elevated Milestone: 11.1
Component: BOOK Version: git
Severity: normal Keywords:


New point version.

Change History (6)

comment:1 by Douglas R. Reno, 3 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:2 by ken@…, 3 years ago

For the moment, it looks as if the sed is still needed for building with system c-ares. The issue was closed because upstream node thought the header from c-ares should be promoted to an interface and made public. That has apparently been done in c-ares but there is not yet any new c-ares release.

comment:3 by Douglas R. Reno, 3 years ago

Priority: normalelevated
2021-08-31, Version 14.17.6 'Fermium' (LTS), @MylesBorins

This is a security release.
Notable Changes

These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVE being remediated in core npm CLI dependencies including node-tar, and npm arborist.

You can read more about it in:



    [5b3f70bfb5] - deps: update archs files for OpenSSL-1.1.1l (Richard Lau) #39868
    [71372625ae] - deps: upgrade openssl sources to 1.1.1l (Richard Lau) #39868
    [4276984803] - deps: upgrade npm to 6.14.15 (Darcy Clarke) #39856

comment:4 by Douglas R. Reno, 3 years ago

Resolution: fixed
Status: assignedclosed

comment:5 by Douglas R. Reno, 3 years ago

I'll file an SA after I get up tomorrow.

comment:6 by Douglas R. Reno, 3 years ago

SA filed (11.0-001)

Note: See TracTickets for help on using tickets.