5657f77c09
Update to v16.20.1 The following CVEs are fixed in this release: * CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High) * CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium) * CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium) * CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium) * CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium) * OpenSSL Security Releases (Depends on shared library provided by OpenWrt) * OpenSSL security advisory 28th March. * OpenSSL security advisory 20th April. * OpenSSL security advisory 30th May * c-ares vulnerabilities: (Depends on shared library provided by OpenWrt) * GHSA-9g78-jv2r-p7vc * GHSA-8r8p-23f3-64c2 * GHSA-54xr-f67r-4pc4 * GHSA-x6mf-cxr9-8q6v Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com> |
||
---|---|---|
.. | ||
003-path.patch | ||
004-musl_support.patch | ||
007-fix_host_build_on_macos.patch | ||
010-execvp-arg-list-too-long.patch | ||
990-delete_unnecessary_libraries_for_host_execute.patch | ||
991-v8_zlib_support.patch | ||
992-v8_add_include_dirs.patch | ||
999-cast_for_mips32.patch | ||
999-deps-v8-src-trap-handler-trap-handler.h.patch | ||
999-fix_icu_conflict.patch | ||
999-localhost-no-addrconfig.patch | ||
999-revert_enable_pointer_authentication_on_arm64.patch |