mirror of
https://git.busybox.net/buildroot.git
synced 2024-11-23 13:33:28 +08:00
b10a791c08
Release Notes: https://nodejs.org/en/blog/release/v20.15.1 Fixes the following CVE's: CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High) CVE-2024-22020 - Bypass network import restriction via data URL (Medium) CVE-2024-22018 - fs.lstat bypasses permission model (Low) CVE-2024-36137 - fs.fchown/fchmod bypasses permission model (Low) CVE-2024-37372 - Permission model improperly processes UNC paths (Low) Also these additional CVE's were fixed in the v20.12.1 and v20.12.2 releases [1][2]: CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High) CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium) CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows NodeJS tests are passing: $ ./support/testing/run-tests -o ./outputs/ -k tests.package.test_nodejs -d dl 12:02:58 TestNodeJSModuleHostSrc Starting 12:02:58 TestNodeJSModuleHostSrc Building 13:17:15 TestNodeJSModuleHostSrc Building done 13:17:23 TestNodeJSModuleHostSrc Cleaning up .13:17:23 TestNodeJSModuleHostBin Starting 13:17:23 TestNodeJSModuleHostBin Building 14:06:15 TestNodeJSModuleHostBin Building done 14:06:20 TestNodeJSModuleHostBin Cleaning up .14:06:20 TestNodeJSBasic Starting 14:06:20 TestNodeJSBasic Building 14:55:40 TestNodeJSBasic Building done 14:55:45 TestNodeJSBasic Cleaning up LICENSE hash changed due to changes in vendored components: * copyright year update and adding spdx identifier [1] [1] https://nodejs.org/en/blog/release/v20.12.1 [2] https://nodejs.org/en/blog/release/v20.12.2 [3] |
||
|---|---|---|
| .. | ||
| nodejs-bin | ||
| nodejs-src | ||
| Config.in | ||
| Config.in.host | ||
| nodejs.hash | ||
| nodejs.mk | ||