* Assertion failed in node::http2::Http2Session::~Http2Session()

leads to HTTP/2 server crash (High) (bsc#1222244, CVE-2024-27983)
  * HTTP Request Smuggling via Content Length Obfuscation
    (Medium) (bsc#1222384, CVE-2024-27982)
    + undici version 6.11.1 (bsc#1222530, bsc#1222603, 
      CVE-2024-30260, CVE-2024-30261)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs21?expand=0&rev=27
This commit is contained in:
Adam Majer 2024-04-10 09:02:14 +00:00 committed by Git OBS Bridge
parent df3c9dd6fb
commit b5a83435e6

View File

@ -2,13 +2,14 @@
Tue Apr 9 14:13:21 UTC 2024 - Adam Majer <adam.majer@suse.de> Tue Apr 9 14:13:21 UTC 2024 - Adam Majer <adam.majer@suse.de>
- Update to 21.7.2: - Update to 21.7.2:
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() * Assertion failed in node::http2::Http2Session::~Http2Session()
leads to HTTP/2 server crash- (High) (bsc#1222244) leads to HTTP/2 server crash (High) (bsc#1222244, CVE-2024-27983)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length * HTTP Request Smuggling via Content Length Obfuscation
Obfuscation- (Medium) (bsc#1222384) (Medium) (bsc#1222384, CVE-2024-27982)
* updated dependencies: * updated dependencies:
+ llhttp version 9.2.1 + llhttp version 9.2.1
+ undici version 6.11.1 (bsc#1222530, CVE-2024-30260) + undici version 6.11.1 (bsc#1222530, bsc#1222603,
CVE-2024-30260, CVE-2024-30261)
- node-gyp-addon-gypi.patch: adapted for new unit test layouts - node-gyp-addon-gypi.patch: adapted for new unit test layouts