Package node: Information
Binary package: node
Version: 20.11.1-alt2
Architecture: armh
Build time: Mar 2, 2024, 01:30 AM in the task #341768
Source package: node
Category: Development/Tools
Report package bugDownload: node-20.11.1-alt2.armh.rpm
Home page: http://nodejs.org/
License: MIT
Summary: Evented I/O for V8 Javascript
Description:
Node.js is a server-side JavaScript environment that uses an asynchronous event-driven model. Node's goal is to provide an easy way to build scalable network programs.
Maintainer: Vitaly Lipatov
List of contributors:
Vitaly Lipatov
Alexey Shabalin
Pavel Skrylev
Dmitriy Kulik
Mikhail Pokidko
Vitaly Kuznetsov
Vitaly Lipatov
Alexey Shabalin
Pavel Skrylev
Dmitriy Kulik
Mikhail Pokidko
Vitaly Kuznetsov
Last changed
March 1, 2024 Vitaly Lipatov 20.11.1-alt2
- fix npm config get user-agent output again (ALT bug 43430)
Feb. 18, 2024 Vitaly Lipatov 20.11.1-alt1
- new version 20.11.1 (with rpmrb script) - enable build npm subpackage - CVE-2024-21892: Code injection and privilege escalation through Linux capabilities- (High) - CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High) - CVE-2024-21896: Path traversal by monkey-patching Buffer internals- (High) - CVE-2024-22017: setuid() does not drop all privileges due to io_uring - (High) - CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium) - CVE-2024-21891: Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium) - CVE-2024-21890: Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium) - CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium) - libuv >= 1.48.0
Feb. 5, 2024 Vitaly Lipatov 20.11.0-alt1
- new version 20.11.0 (with rpmrb script) - set npm >= 10.2.4, c-ares >= 1.20.1