obsolete

nodejs16-16.19.1-4.fc38

FEDORA-2023-3a6f96ad55 created by sgallagh a year ago for Fedora 38

2023-02-16, Version 16.19.1 'Gallium' (LTS), @richardlau

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

  • CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
  • CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
  • CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)

Fixed by an update to undici:

More detailed information on each of the vulnerabilities can be found in February 2023 Security Releases blog post.

This security release includes OpenSSL security updates as outlined in the recent OpenSSL security advisory.

Commits

This update has been submitted for testing by sgallagh.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'failed'.

a year ago

This update has been pushed to testing.

a year ago

Tests are failing

This update has been obsoleted by nodejs16-16.20.0-1.fc38.

a year ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-1
Stable by Karma
2
Stable by Time
3 days
Dates
submitted
a year ago
in testing
a year ago

Automated Test Results