diff options
| author | Hirokazu MORIKAWA <morikw2@gmail.com> | 2023-02-17 11:51:35 +0900 |
|---|---|---|
| committer | Hirokazu MORIKAWA <morikw2@gmail.com> | 2023-02-17 11:51:35 +0900 |
| commit | 6cd5a2c57f8120d4b65518ee0dee559d4fe2c75c (patch) | |
| tree | 7d3b73ee420258177ca268fd3afa5c45ce2e291e /lang/node/patches/003-path.patch | |
| parent | 70009d3586721e656eaab6d935ac4e30dc615ad8 (diff) | |
node: bump to v16.19.1
Thursday February 16 2023 Security Releases
Notable Changes
The following CVEs are fixed in this release:
* CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
* CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
* CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
* CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
* CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)
More detailed information on each of the vulnerabilities can be found in February 2023 Security Releases blog post.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Diffstat (limited to 'lang/node/patches/003-path.patch')
| -rw-r--r-- | lang/node/patches/003-path.patch | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lang/node/patches/003-path.patch b/lang/node/patches/003-path.patch index 42e07f2cd..d3183cb66 100644 --- a/lang/node/patches/003-path.patch +++ b/lang/node/patches/003-path.patch @@ -1,6 +1,6 @@ --- a/lib/internal/modules/cjs/loader.js +++ b/lib/internal/modules/cjs/loader.js -@@ -1300,7 +1300,8 @@ Module._initPaths = function() { +@@ -1326,7 +1326,8 @@ Module._initPaths = function() { path.resolve(process.execPath, '..') : path.resolve(process.execPath, '..', '..'); |