#13628: node.js-12.18.0
-------------------------+------------------------
Reporter: bdubbs | Owner: blfs-book
Type: enhancement | Status: new
Priority: high | Milestone: 9.2
Component: BOOK | Version: SVN
Severity: normal | Resolution:
Keywords: |
-------------------------+------------------------
Changes (by renodr):
* priority: normal => high
Comment:
{{{
2020-06-02, Version 12.18.0 'Erbium' (LTS), @targos
Notable changes
This is a security release.
Vulnerabilities fixed:
CVE-2020-8172: TLS session reuse can lead to host certificate
verification bypass (High).
CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
CVE-2020-8174: napi_get_value_string_*() allows various kinds of
memory corruption (High).
Commits
[c6d0bdacc4] - crypto: update root certificates (AshCripps) #33682
[916b2824d1] - (SEMVER-MINOR) deps: update nghttp2 to 1.41.0 (James M
Snell) nodejs-private/node-private#206
[d381426377] - (SEMVER-MINOR) http2: implement support for max
settings entries (James M Snell) nodejs-private/node-private#206
[7dd8982570] - napi: fix memory corruption vulnerability (Tobias
Nießen) nodejs-private/node-private#195
[0932309af2] - tls: emit session after verifying certificate (Fedor
Indutny) nodejs-private/node-private#200
[c392d3923f] - tools: update certdata.txt (AshCripps) #33682
}}}
Two high severity vulnerabilities (the TLS session reuse vulnerability is
extremely important), and one low security vulnerability.
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/13628#comment:1>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch