obsolete

nodejs16-16.19.1-4.fc38

FEDORA-2023-3a6f96ad55 created by sgallagh 2 years ago for Fedora 38

2023-02-16, Version 16.19.1 'Gallium' (LTS), @richardlau

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

  • CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
  • CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
  • CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)

Fixed by an update to undici:

More detailed information on each of the vulnerabilities can be found in February 2023 Security Releases blog post.

This security release includes OpenSSL security updates as outlined in the recent OpenSSL security advisory.

Commits

This update has been submitted for testing by sgallagh.

2 years ago

This update's test gating status has been changed to 'waiting'.

2 years ago

This update's test gating status has been changed to 'failed'.

2 years ago

This update has been pushed to testing.

2 years ago

Tests are failing

This update has been obsoleted by nodejs16-16.20.0-1.fc38.

2 years ago

Please log in to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-1
Stable by Karma
2
Stable by Time
3 days
Thresholds
Minimum Karma
+1
Minimum Testing
7 days
Dates
submitted
2 years ago
in testing
2 years ago

Automated Test Results