5657f77c09
Update to v16.20.1
The following CVEs are fixed in this release:
* CVE-2023-30581: mainModule.__proto__ Bypass Experimental Policy Mechanism (High)
* CVE-2023-30585: Privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (Medium)
* CVE-2023-30588: Process interuption due to invalid Public Key information in x509 certificates (Medium)
* CVE-2023-30589: HTTP Request Smuggling via Empty headers separated by CR (Medium)
* CVE-2023-30590: DiffieHellman does not generate keys after setting a private key (Medium)
* OpenSSL Security Releases (Depends on shared library provided by OpenWrt)
* OpenSSL security advisory 28th March.
* OpenSSL security advisory 20th April.
* OpenSSL security advisory 30th May
* c-ares vulnerabilities: (Depends on shared library provided by OpenWrt)
* GHSA-9g78-jv2r-p7vc
* GHSA-8r8p-23f3-64c2
* GHSA-54xr-f67r-4pc4
* GHSA-x6mf-cxr9-8q6v
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
|
||
|---|---|---|
| .. | ||
| 003-path.patch | ||
| 004-musl_support.patch | ||
| 007-fix_host_build_on_macos.patch | ||
| 010-execvp-arg-list-too-long.patch | ||
| 990-delete_unnecessary_libraries_for_host_execute.patch | ||
| 991-v8_zlib_support.patch | ||
| 992-v8_add_include_dirs.patch | ||
| 999-cast_for_mips32.patch | ||
| 999-deps-v8-src-trap-handler-trap-handler.h.patch | ||
| 999-fix_icu_conflict.patch | ||
| 999-localhost-no-addrconfig.patch | ||
| 999-revert_enable_pointer_authentication_on_arm64.patch | ||