mirror of
https://git.openwrt.org/feed/packages.git
synced 2024-06-14 11:23:57 +02:00
node: February 14 2024 Security Releases
Update to v20.11.1 This is a security release. Notable changes * CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High) * CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High) * CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High) * CVE-2024-22017 - setuid() does not drop all privileges due to io_uring - (High) * CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium) * CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium) * CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium) * CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium) * undici version 5.28.3 * libuv version 1.48.0 * OpenSSL version 3.0.13+quic1 (Depends on shared library provided by OpenWrt) Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
This commit is contained in:
parent
aa7b4e30f1
commit
52e6017ad1
|
@ -8,12 +8,12 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=node
|
||||
PKG_VERSION:=v20.11.0
|
||||
PKG_VERSION:=v20.11.1
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
|
||||
PKG_SOURCE_URL:=https://nodejs.org/dist/$(PKG_VERSION)
|
||||
PKG_HASH:=31807ebeeeb049c53f1765e4a95aed69476a4b696dd100cb539ab668d7950b40
|
||||
PKG_HASH:=77813edbf3f7f16d2d35d3353443dee4e61d5ee84d9e3138c7538a3c0ca5209e
|
||||
|
||||
PKG_MAINTAINER:=Hirokazu MORIKAWA <morikw2@gmail.com>, Adrian Panella <ianchi74@outlook.com>
|
||||
PKG_LICENSE:=MIT
|
||||
|
|
Loading…
Reference in New Issue
Block a user