commit patchinfo.16712 for openSUSE:Leap:15.2:Update

Mon, 19 Jul 2021 14:03:58 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package patchinfo.16712 for 
openSUSE:Leap:15.2:Update checked in at 2021-07-19 23:03:51
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2:Update/patchinfo.16712 (Old)
 and      /work/SRC/openSUSE:Leap:15.2:Update/.patchinfo.16712.new.2632 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "patchinfo.16712"

Mon Jul 19 23:03:51 2021 rev:1 rq:906539 version:unknown

Changes:
--------
New Changes file:

NO CHANGES FILE!!!

New:
----
  _patchinfo

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ _patchinfo ++++++
<patchinfo incident="16712">
  <issue tracker="bnc" id="1187973">VUL-0: CVE-2021-22918: 
nodejs10,nodejs12,nodejs14,nodejs,libuv: libuv upgrade - Out of bounds 
read</issue>
  <issue tracker="bnc" id="1184450">VUL-0: CVE-2020-7774: nodejs8, nodejs10, 
nodejs12, nodejs14:  y18n Prototype Pollution</issue>
  <issue tracker="bnc" id="1187976">VUL-0: CVE-2021-27290: 
nodejs10,nodejs12,nodejs14,nodejs: npm upgrade - ssri Regular Expression Denial 
of Service (ReDoS)</issue>
  <issue tracker="bnc" id="1187977">VUL-0: CVE-2021-23362: 
nodejs10,nodejs12,nodejs14,nodejs: npm upgrade - hosted-git-info Regular 
Expression Denial of Service (ReDoS)</issue>
  <issue tracker="cve" id="2021-27290"/>
  <issue tracker="cve" id="2020-7774"/>
  <issue tracker="cve" id="2021-22918"/>
  <issue tracker="cve" id="2021-23362"/>
  <packager>adamm</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for nodejs14</summary>
  <description>This update for nodejs14 fixes the following issues:

Update nodejs14 to 14.17.2.

Including fixes for:

- CVE-2021-22918: libuv upgrade - Out of bounds read (bsc#1187973)
- CVE-2021-27290: ssri Regular Expression Denial of Service (bsc#1187976)
- CVE-2021-23362: hosted-git-info Regular Expression Denial of Service 
(bsc#1187977)
- CVE-2020-7774: y18n Prototype Pollution (bsc#1184450)

This update was imported from the SUSE:SLE-15-SP2:Update update 
project.</description>
</patchinfo>

Reply via email to