[Buildroot] [PATCH 2/2] package/nodejs: security bump to 12.18.0
Peter Korsgaard
peter at korsgaard.com
Sun Jul 12 21:31:44 UTC 2020
>>>>> "Martin" == Martin Bark <martin at barkynet.com> writes:
> This is a security release.
> Vulnerabilities fixed:
> CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass (High).
> CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
> CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption (High).
> See https://nodejs.org/en/blog/release/v12.18.0/
> Signed-off-by: Martin Bark <martin at barkynet.com>
Committed to 2020.02.x and 2020.05.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list