[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#46634] [PATCH] gnu: node: Update to 10.23.3. [security fixes]

From: Jonathan Brielmaier
Subject: [bug#46634] [PATCH] gnu: node: Update to 10.23.3. [security fixes]
Date: Tue, 23 Feb 2021 20:29:35 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Icedove/78.7.1

On 19.02.21 12:02, Jelle Licht wrote:
Hey Guix,

The attached two patches together should address CVE-2020-8287 (in
Node). I am kind of fuzzy on the details, but to me it seems that the
vulnerability is actually in http-parser (and llhttp), not node. I
informed upstream about my findings, but in the mean time we should
probably apply these.

The node package subsequently has a regression test to demonstrate that
the applied fix works. Nonetheless, http-parser has quite some
dependents, and I only verified everything to still work with node.

  - Jelle

Impressive work. Looks nice! node-10.23 is required for Firefox >= 86.0
so as well for the next ESR branch of icecat and icedove...

reply via email to

[Prev in Thread] Current Thread [Next in Thread]