diff options
| author | adam <adam@pkgsrc.org> | 2021-01-05 08:31:04 +0000 |
|---|---|---|
| committer | adam <adam@pkgsrc.org> | 2021-01-05 08:31:04 +0000 |
| commit | db03ad1d6e6b6d86aaf0a482e3ec4d73b8b6cf32 (patch) | |
| tree | b197e16a860aa7b571bbf0c6c17a79f2e64f1d88 /lang/nodejs | |
| parent | cecff61d4715b1e4abfe640d23a9597db2f1aa61 (diff) | |
| download | pkgsrc-db03ad1d6e6b6d86aaf0a482e3ec4d73b8b6cf32.tar.gz | |
nodejs: updated to 14.15.4
Version 14.15.4 'Fermium' (LTS)
Notable Changes
Vulnerabilities fixed:
CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20201208.txt
CVE-2020-8265: use-after-free in TLSWrap (High)
Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.
CVE-2020-8287: HTTP Request Smuggling in nodejs (Low)
Affected versions of Node.js allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling (https://cwe.mitre.org/data/definitions/444.html).
Diffstat (limited to 'lang/nodejs')
| -rw-r--r-- | lang/nodejs/Makefile | 4 | ||||
| -rw-r--r-- | lang/nodejs/distinfo | 10 |
2 files changed, 7 insertions, 7 deletions
diff --git a/lang/nodejs/Makefile b/lang/nodejs/Makefile index 8b7bdf22baa..fdc902e6a8f 100644 --- a/lang/nodejs/Makefile +++ b/lang/nodejs/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.205 2020/12/31 20:04:12 nia Exp $ +# $NetBSD: Makefile,v 1.206 2021/01/05 08:31:04 adam Exp $ -DISTNAME= node-v14.15.3 +DISTNAME= node-v14.15.4 EXTRACT_SUFX= .tar.xz USE_LANGUAGES= c gnu++14 diff --git a/lang/nodejs/distinfo b/lang/nodejs/distinfo index 108acb2b74e..a4e6816e66e 100644 --- a/lang/nodejs/distinfo +++ b/lang/nodejs/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.190 2020/12/21 09:41:32 adam Exp $ +$NetBSD: distinfo,v 1.191 2021/01/05 08:31:04 adam Exp $ -SHA1 (node-v14.15.3.tar.xz) = 3976ed5e20f361566d340320c33f4c1ebbc29265 -RMD160 (node-v14.15.3.tar.xz) = dd5628d97e48fd9ee73b32525294a98b25128b37 -SHA512 (node-v14.15.3.tar.xz) = fda889445084af615d1c6d6e16cf99e48a9f309b37273382f2060cf34f4aa5b11d73b96a8c7f86afa12b6da553dcfa639c0c8ca693480534d1b00dbc8b4d741c -Size (node-v14.15.3.tar.xz) = 33302128 bytes +SHA1 (node-v14.15.4.tar.xz) = a63eca39a1323243b2fd4b0879870f3a40d08a8d +RMD160 (node-v14.15.4.tar.xz) = 0ad20166cb8829e9bf79d84b54b9063ec00cd2fa +SHA512 (node-v14.15.4.tar.xz) = 0d497a5d51de52412d09dd0fbcb936dbf0cba810f84d598be8f02c876d55f614e00c1ea0b25a00838e7b9f9c73a7882e3de0e9507d1c6ee45270a62d3438ab41 +Size (node-v14.15.4.tar.xz) = 33296076 bytes SHA1 (patch-common.gypi) = f0bd2962bf7c8466db24b35a35154897ecad6316 SHA1 (patch-deps_cares_cares.gyp) = 22b44f2ac59963f694dfe4f4585e08960b3dec32 SHA1 (patch-deps_uv_common.gypi) = d38a9c8d9e3522f15812aec2f5b1e1e636d4bab3 |