nodejs12

nodejs/nodejs12

SHA256

Fork 0

Commit Graph

Author	SHA256	Message	Date
Adam Majer	e18377574e	- CVE-2023-30581.patch: fixes mainModule.__proto__ Bypass Experimental Policy Mechanism (CVE-2023-30581, bsc#1212574) - CVE-2023-30589.patch: HTTP Request Smuggling via empty headers separated by CR (CVE-2023-30589, bsc#1212582) - CVE-2023-30590.patch: DiffieHellman does not generate keys after setting a private key (CVE-2023-30590, bsc#1212583) - CVE-2023-23918.patch: fixes permissions policies can be bypassed via process.mainModule (bsc#1208481, CVE-2023-23918) - CVE-2023-32002.patch: + fixes policies can be bypassed via Module._load + fixes policies can be bypassed by module.constructor.createRequire (CVE-2023-32002, CVE-2023-32006, bsc#1214150, bsc#1214156) - CVE-2023-32559.patch: Policies can be bypassed via process.binding (CVE-2023-32559, bsc#1214154) OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs12?expand=0&rev=150	2023-08-18 12:10:04 +00:00

Author

SHA256

Message

Date

Adam Majer

e18377574e

- CVE-2023-30581.patch: fixes mainModule.__proto__ Bypass

Experimental Policy Mechanism (CVE-2023-30581, bsc#1212574)
- CVE-2023-30589.patch: HTTP Request Smuggling via empty headers
  separated by CR (CVE-2023-30589, bsc#1212582)
- CVE-2023-30590.patch: DiffieHellman does not generate keys
   after setting a private key (CVE-2023-30590, bsc#1212583)
- CVE-2023-23918.patch: fixes permissions policies can be
  bypassed via process.mainModule (bsc#1208481, CVE-2023-23918)
- CVE-2023-32002.patch:
  + fixes policies can be bypassed via Module._load
  + fixes policies can be bypassed by module.constructor.createRequire
    (CVE-2023-32002, CVE-2023-32006, bsc#1214150, bsc#1214156)
- CVE-2023-32559.patch: Policies can be bypassed via
  process.binding (CVE-2023-32559, bsc#1214154)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs12?expand=0&rev=150

2023-08-18 12:10:04 +00:00

1 Commits