From b5a83435e699af3b9a245f076b8ba7251e95a3e0fb76c1df8bd8d6d59662dc4c Mon Sep 17 00:00:00 2001 From: Adam Majer Date: Wed, 10 Apr 2024 09:02:14 +0000 Subject: [PATCH] * Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash (High) (bsc#1222244, CVE-2024-27983) * HTTP Request Smuggling via Content Length Obfuscation (Medium) (bsc#1222384, CVE-2024-27982) + undici version 6.11.1 (bsc#1222530, bsc#1222603, CVE-2024-30260, CVE-2024-30261) OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs21?expand=0&rev=27 --- nodejs21.changes | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/nodejs21.changes b/nodejs21.changes index f2dd57c..01cddc2 100644 --- a/nodejs21.changes +++ b/nodejs21.changes @@ -2,13 +2,14 @@ Tue Apr 9 14:13:21 UTC 2024 - Adam Majer - Update to 21.7.2: - * CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() - leads to HTTP/2 server crash- (High) (bsc#1222244) - * CVE-2024-27982 - HTTP Request Smuggling via Content Length - Obfuscation- (Medium) (bsc#1222384) + * Assertion failed in node::http2::Http2Session::~Http2Session() + leads to HTTP/2 server crash (High) (bsc#1222244, CVE-2024-27983) + * HTTP Request Smuggling via Content Length Obfuscation + (Medium) (bsc#1222384, CVE-2024-27982) * updated dependencies: + llhttp version 9.2.1 - + undici version 6.11.1 (bsc#1222530, CVE-2024-30260) + + undici version 6.11.1 (bsc#1222530, bsc#1222603, + CVE-2024-30260, CVE-2024-30261) - node-gyp-addon-gypi.patch: adapted for new unit test layouts
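Review bot: The added undici line lists two bug references and two CVE ids in one flat list, "(bsc#1222530, bsc#1222603, CVE-2024-30260, CVE-2024-30261)", so it no longer shows which bsc number tracks which CVE. The two rewritten bullets above it pair exactly one bsc with one CVE, and the removed undici line did the same for bsc#1222530 and CVE-2024-30260. Consider grouping the references per issue, for example "(bsc#1222530, CVE-2024-30260; bsc#1222603, CVE-2024-30261)" if that is the correct mapping, or one sub-item per CVE. The entry dated Tue Apr 9 is also edited in place, and the commit subject repeats the changelog bullets rather than saying what changed. A short subject such as "move CVE ids into reference lists, add bsc#1222603/CVE-2024-30261" would make the history easier to audit.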