node: June 20 2023 Security Releases
Update to v16.20.1 The following CVEs are fixed in this release: * CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High) * CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium) * CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium) * CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium) * CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium) * OpenSSL Security Releases (Depends on shared library provided by OpenWrt) * OpenSSL security advisory 28th March. * OpenSSL security advisory 20th April. * OpenSSL security advisory 30th May * c-ares vulnerabilities: (Depends on shared library provided by OpenWrt) * GHSA-9g78-jv2r-p7vc * GHSA-8r8p-23f3-64c2 * GHSA-54xr-f67r-4pc4 * GHSA-x6mf-cxr9-8q6v Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
This commit is contained in:
parent
129b7c367c
commit
5657f77c09
|
@ -8,12 +8,12 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=node
|
||||
PKG_VERSION:=v16.20.0
|
||||
PKG_VERSION:=v16.20.1
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
|
||||
PKG_SOURCE_URL:=https://nodejs.org/dist/$(PKG_VERSION)
|
||||
PKG_HASH:=e0990f992234e40a51fe11f92c3816c93a77e1b081145d3dd762cd1026345349
|
||||
PKG_HASH:=83e03381e271f1a5619188e7aea9d85d9b7e12f5be2a28ceb78d7249ed22b7f1
|
||||
|
||||
PKG_MAINTAINER:=Hirokazu MORIKAWA <morikw2@gmail.com>, Adrian Panella <ianchi74@outlook.com>
|
||||
PKG_LICENSE:=MIT
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
--- a/lib/internal/modules/cjs/loader.js
|
||||
+++ b/lib/internal/modules/cjs/loader.js
|
||||
@@ -1331,7 +1331,8 @@ Module._initPaths = function() {
|
||||
@@ -1333,7 +1333,8 @@ Module._initPaths = function() {
|
||||
path.resolve(process.execPath, '..') :
|
||||
path.resolve(process.execPath, '..', '..');
|
||||
|
||||
|
|
Loading…
Reference in New Issue