nodejs16

nodejs/nodejs16

SHA256

Fork 0

Commit Graph

Author	SHA256	Message	Date
Adam Majer	1272fd04b8	* CVE-2023-46809.patch: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium) (CVE-2023-46809, bsc#1219997) * CVE-2024-22019.patch: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High) (CVE-2024-22019, bsc#1219993) * CVE-2024-22025.patch: fix Denial of Service by resource exhaustion in fetch() brotli decoding (CVE-2024-22025, bsc#1220014) * CVE-2024-24758.patch: ignore proxy-authorization headers (CVE-2024-24758, bsc#1220017) * CVE-2024-24806.patch: fix improper domain lookup that potentially leads to SSRF attacks (CVE-2024-24806, bsc#1220053) - CVE-2023-38552.patch: Integrity checks according to policies can be circumvented (CVE-2023-38552, bsc#1216272) - CVE-2023-39333.patch, wasm-fixture.tar.gz: Code injection via WebAssembly export names (CVE-2023-39333, bsc#1216273) - CVE-2023-45143.patch: undici Security Release (CVE-2023-45143, bsc#1216205) - nodejs.keyring: include new releaser keys OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=100	2024-02-20 16:34:06 +00:00

Author

SHA256

Message

Date

Adam Majer

1272fd04b8

* CVE-2023-46809.patch: Node.js is vulnerable to the Marvin Attack

(timing variant of the Bleichenbacher attack against
   PKCS#1 v1.5 padding) - (Medium) (CVE-2023-46809, bsc#1219997)
 * CVE-2024-22019.patch: http: Reading unprocessed HTTP request with
   unbounded chunk extension allows DoS attacks- (High)
   (CVE-2024-22019, bsc#1219993)
 * CVE-2024-22025.patch: fix Denial of Service by resource exhaustion
   in fetch() brotli decoding (CVE-2024-22025, bsc#1220014)
 * CVE-2024-24758.patch: ignore proxy-authorization headers
   (CVE-2024-24758, bsc#1220017)
 * CVE-2024-24806.patch: fix improper domain lookup that
   potentially leads to SSRF attacks (CVE-2024-24806, bsc#1220053)
- CVE-2023-38552.patch: Integrity checks according to policies
  can be circumvented (CVE-2023-38552, bsc#1216272)
- CVE-2023-39333.patch, wasm-fixture.tar.gz: Code injection via
  WebAssembly export names (CVE-2023-39333, bsc#1216273)
- CVE-2023-45143.patch: undici Security Release (CVE-2023-45143, bsc#1216205)
- nodejs.keyring: include new releaser keys

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=100

2024-02-20 16:34:06 +00:00

1 Commits