Home Explore Help
Register Sign In
PUBLIC_REPOS
/
buildroot
mirror of git://git.buildroot.net/buildroot
2
1
Fork 0
Files
Browse Source

package/nodejs: security bump to version 16.20.0

Fixes the following security issues:

- CVE-2023-23918: Node.js Permissions policies can be bypassed via
  process.mainModule (High)

- CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto
  library (Medium)

- CVE-2023-23920: Node.js insecure loading of ICU data through ICU\_DATA
  environment variable (Low)

- CVE-2023-23936: Fetch API in Node.js did not protect against CRLF
  injection in host headers (Medium)
  https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff

- CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js
  fetch API (Low)
  https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w

For more details, see the advisory:
https://nodejs.org/en/blog/vulnerability/february-2023-security-releases

Update LICENSE hash after an update of the openssl license snippet:
https://github.com/nodejs/node/commit/e7ed56f501389978e4619ab697a812631c4061ff

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit a240f9da855fc4a01ae1a1a755722f8fc3773705)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard 2 years ago
parent
4e2d157c72
commit
5d6308d543
2 changed files with 4 additions and 4 deletions
Unified View Show Diff Stats
  1. 3 3
      package/nodejs/nodejs.hash
  2. 1 1
      package/nodejs/nodejs.mk

+ 3 - 3
package/nodejs/nodejs.hash
View File 

@@ -1,5 +1,5 @@
 
-# From https://nodejs.org/dist/v16.18.1/SHASUMS256.txt
 
-sha256  1f8051a88f86f42064f4415fe7a980e59b0a502ecc8def583f6303bc4d445238  node-v16.18.1.tar.xz
 
+# From https://nodejs.org/dist/v16.20.0/SHASUMS256.txt
 
+sha256  e0990f992234e40a51fe11f92c3816c93a77e1b081145d3dd762cd1026345349  node-v16.20.0.tar.xz
 
 
 
 # Hash for license file
 
 # Hash for license file
 
-sha256  0bec08634ba79b5404f6b7f92ea850f3c2a06e27e6f83f2267e4f5e55ae33334  LICENSE
 
+sha256  ba325815d3df8819bebaf37cad67d6e1f82271e1e4a1189b53abd28e261977d6  LICENSE

+ 1 - 1
package/nodejs/nodejs.mk
View File 

@@ -4,7 +4,7 @@
 
 #
 
 #
 
 ################################################################################
 
 ################################################################################
 
 
 
-NODEJS_VERSION = 16.18.1
 
+NODEJS_VERSION = 16.20.0
 
 NODEJS_SOURCE = node-v$(NODEJS_VERSION).tar.xz
 
 NODEJS_SOURCE = node-v$(NODEJS_VERSION).tar.xz
 
 NODEJS_SITE = http://nodejs.org/dist/v$(NODEJS_VERSION)
 
 NODEJS_SITE = http://nodejs.org/dist/v$(NODEJS_VERSION)
 
 NODEJS_DEPENDENCIES = \
 
 NODEJS_DEPENDENCIES = \