forked from pool/nodejs21
Adam Majer
3dd84fa6f5
* (CVE-2024-21892, bsc#1219992) - Code injection and privilege escalation through Linux capabilities- (High) * (CVE-2024-22019, bsc#1219993) - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High) * (CVE-2024-21896, bsc#1219994) - Path traversal by monkey-patching Buffer internals- (High) * (CVE-2024-22017, bsc#1219995) - setuid() does not drop all privileges due to io_uring - (High) * (CVE-2023-46809, bsc#1219997) - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium) * (CVE-2024-21891, bsc#1219998) - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium) * (CVE-2024-21890, bsc#1219999) - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium) * (CVE-2024-22025, bsc#1220014) - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium) * undici version 5.28.3 (CVE-2024-24758, bsc#1220017) * libuv version 1.48.0 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs21?expand=0&rev=19 |
||
---|---|---|
_constraints | ||
.gitattributes | ||
.gitignore | ||
bash_output_helper.bash | ||
c-ares-fixes.patch | ||
cares_public_headers.patch | ||
fix_ci_tests.patch | ||
flaky_test_rerun.patch | ||
gcc13.patch | ||
legacy_python.patch | ||
linker_lto_jobs.patch | ||
manual_configure.patch | ||
node_modules.tar.xz | ||
node-gyp_7.1.2.tar.xz | ||
node-gyp-addon-gypi.patch | ||
node-gyp-config.patch | ||
node-v21.6.2.tar.xz | ||
nodejs21.changes | ||
nodejs21.spec | ||
nodejs-libpath.patch | ||
nodejs.keyring | ||
npm_search_paths.patch | ||
openssl_binary_detection.patch | ||
qemu_timeouts_arches.patch | ||
SHASUMS256.txt | ||
SHASUMS256.txt.sig | ||
skip_no_console.patch | ||
sle12_python3_compat.patch | ||
test-skip-y2038-on-32bit-time_t.patch | ||
update_npm_tarball.sh | ||
versioned.patch |