obsolete

nodejs16-16.20.0-1.fc38, nodejs18-18.15.0-5.fc38, & 1 more

FEDORA-2023-cdd4df1681 created by sgallagh a year ago for Fedora 38

Assorted fixes for v8-devel


Update to 19.8.1

Fix confilct with nodejs18


2023-02-16, Version 16.19.1 'Gallium' (LTS), @richardlau

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

  • CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
  • CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
  • CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)

Fixed by an update to undici:

More detailed information on each of the vulnerabilities can be found in February 2023 Security Releases blog post.

This security release includes OpenSSL security updates as outlined in the recent OpenSSL security advisory.

Commits

This update has been submitted for testing by sgallagh.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update has obsoleted nodejs20-19.8.1-1.fc38, and has inherited its bugs and notes.

a year ago

sgallagh edited this update.

New build(s):

  • nodejs18-18.15.0-5.fc38
  • nodejs16-16.20.0-1.fc38

Karma has been reset.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update has obsoleted nodejs16-16.19.1-4.fc38, and has inherited its bugs and notes.

a year ago

This update's test gating status has been changed to 'failed'.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'passed'.

a year ago

This update has been pushed to testing.

a year ago
User Icon pwalter commented & provided feedback a year ago
karma

Works

User Icon ellert commented & provided feedback a year ago
karma

The non-default versions still provide the non-versioned provide only the default version should have. Still breaks package builds then expect to get the default versions when build requiring the non-versioned provides.

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

a year ago

This update has been obsoleted by nodejs16-16.20.0-2.fc38.

a year ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-1
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
a year ago
in testing
a year ago
modified
a year ago

Automated Test Results