On 2/17/23 16:17, Antoine Jacoutot wrote:
Note: It might be a good idea to have a look at whether it makes sense to
apply the equivalent of https://github.com/nodejs/node/commit/8393ebc72d to
textproc/icu4c (Cc: Maintainer aja@)
Look at the port, it's already the case.
Ack ... I did look,
On Fri, Feb 17, 2023 at 04:07:36PM +0100, Volker Schlecht wrote:
> nodejs published a security release yesterday.
>
> The fixes relevant for the OpenBSD port are:
>
> * Node.js Permissions policies can be bypassed via process.mainModule (High)
> (CVE-2023-23918)
> * Node.js OpenSSL error
On Fri, Feb 17, 2023 at 04:07:36PM +0100, Volker Schlecht wrote:
> nodejs published a security release yesterday.
Thanks. I'm currently running 18.14.0 through an amd64 bulk. I will
commit 18.4.1 once that's completed, i.e. on Sunday.
nodejs published a security release yesterday.
The fixes relevant for the OpenBSD port are:
* Node.js Permissions policies can be bypassed via process.mainModule
(High) (CVE-2023-23918)
* Node.js OpenSSL error handling issues in nodejs crypto library
(Medium) (CVE-2023-23919)
* Fetch API in