adamm/nodejs21
SHA256
1
0
Fork 0
forked from autogits/nodejs21
Code Pull Requests Activity

* Assertion failed in node::http2::Http2Session::~Http2Session()

Browse Source 
leads to HTTP/2 server crash (High) (bsc#1222244, CVE-2024-27983)
  * HTTP Request Smuggling via Content Length Obfuscation
    (Medium) (bsc#1222384, CVE-2024-27982)
    + undici version 6.11.1 (bsc#1222530, bsc#1222603, 
      CVE-2024-30260, CVE-2024-30261)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs21?expand=0&rev=27
This commit is contained in:
Adam Majer 2024-04-10 09:02:14 +00:00 committed by Git OBS Bridge
parent df3c9dd6fb
commit b5a83435e6
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
nodejs21.changes
View File

@ -2,13 +2,14 @@
Tue Apr 9 14:13:21 UTC 2024 - Adam Majer <adam.majer@suse.de>
- Update to 21.7.2:
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session()
leads to HTTP/2 server crash- (High) (bsc#1222244)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length
Obfuscation- (Medium) (bsc#1222384)
* Assertion failed in node::http2::Http2Session::~Http2Session()
leads to HTTP/2 server crash (High) (bsc#1222244, CVE-2024-27983)
* HTTP Request Smuggling via Content Length Obfuscation
(Medium) (bsc#1222384, CVE-2024-27982)
* updated dependencies:
+ llhttp version 9.2.1
+ undici version 6.11.1 (bsc#1222530, CVE-2024-30260)
+ undici version 6.11.1 (bsc#1222530, bsc#1222603,
CVE-2024-30260, CVE-2024-30261)
- node-gyp-addon-gypi.patch: adapted for new unit test layouts