diff options
| author | adam <adam@pkgsrc.org> | 2021-01-05 08:35:36 +0000 |
|---|---|---|
| committer | adam <adam@pkgsrc.org> | 2021-01-05 08:35:36 +0000 |
| commit | e42315cc2dee86ad75996565c68bbd9a8fd54646 (patch) | |
| tree | 7c3cee22d2633d1e4b01fbf55a300dff3fedc295 /lang/nodejs10 | |
| parent | 057147d2bfc55c159f9511397220409c2bf6b461 (diff) | |
| download | pkgsrc-e42315cc2dee86ad75996565c68bbd9a8fd54646.tar.gz | |
nodejs10: updated to 10.23.1
Version 10.23.1 'Dubnium' (LTS)
Notable changes
This is a security release.
Vulnerabilities fixed:
CVE-2020-8265: use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits
CVE-2020-8287: HTTP Request Smuggling in nodejs Affected versions of Node.js allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling (https://cwe.mitre.org/data/definitions/444.html).
CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20201208.txt
Diffstat (limited to 'lang/nodejs10')
| -rw-r--r-- | lang/nodejs10/Makefile | 4 | ||||
| -rw-r--r-- | lang/nodejs10/distinfo | 10 |
2 files changed, 7 insertions, 7 deletions
diff --git a/lang/nodejs10/Makefile b/lang/nodejs10/Makefile index 7a2a67e50ef..864b57fde9a 100644 --- a/lang/nodejs10/Makefile +++ b/lang/nodejs10/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.18 2020/12/16 07:29:36 adam Exp $ +# $NetBSD: Makefile,v 1.19 2021/01/05 08:35:36 adam Exp $ -DISTNAME= node-v10.23.0 +DISTNAME= node-v10.23.1 USE_LANGUAGES= c gnu++14 diff --git a/lang/nodejs10/distinfo b/lang/nodejs10/distinfo index 6372aa675c2..4e34e0fbd1b 100644 --- a/lang/nodejs10/distinfo +++ b/lang/nodejs10/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.10 2020/11/14 09:54:23 jperkin Exp $ +$NetBSD: distinfo,v 1.11 2021/01/05 08:35:36 adam Exp $ -SHA1 (node-v10.23.0.tar.gz) = 641cefc66f2360dbf409f8bb7f94bf3096cb9da4 -RMD160 (node-v10.23.0.tar.gz) = 71fefc0b9451395f74750f956102e2b4cfa67144 -SHA512 (node-v10.23.0.tar.gz) = 959b3d2aadd2aa062b3e74f83234047c7c66a5636745208c484a25c33f60157892c101137afc8baf7f1de7fdeb5328ba5b1188781e3d07cad9716725c5fd3e11 -Size (node-v10.23.0.tar.gz) = 46560417 bytes +SHA1 (node-v10.23.1.tar.gz) = 0ad5c10c53df0ec65dab7184950c23c66d3c6e40 +RMD160 (node-v10.23.1.tar.gz) = 4d7f814f4a506826de3d79b1d46ef226a9f7f65f +SHA512 (node-v10.23.1.tar.gz) = 6414873d5f35738ea45752267c9268d6942de81131274504ab4505576e0a3af99ffcbd5692ab3c28554abb011215f2b72ca2b002e708de5ec4d1f9f799caacee +Size (node-v10.23.1.tar.gz) = 46310109 bytes SHA1 (patch-common.gypi) = de37949f38d9bd39a18b59d59ec74e528bd323ac SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32 SHA1 (patch-deps_uv_common.gypi) = d38a9c8d9e3522f15812aec2f5b1e1e636d4bab3 |