Package node: Information
Default inline alert: Version in the repository: 20.12.2-alt1
Source package: node
Version: 20.11.1-alt1
Build time: Feb 27, 2024, 05:39 AM in the task #340942
Category: Development/Tools
Report package bugHome page: http://nodejs.org/
License: MIT
Summary: Evented I/O for V8 Javascript
Description:
Node.js is a server-side JavaScript environment that uses an asynchronous event-driven model. Node's goal is to provide an easy way to build scalable network programs.
List of rpms provided by this srpm:
node (x86_64, ppc64le, i586, armh, aarch64)
node-debuginfo (x86_64, ppc64le, i586, armh, aarch64)
node-devel (x86_64, ppc64le, i586, armh, aarch64)
node-doc (noarch)
npm (noarch)
node (x86_64, ppc64le, i586, armh, aarch64)
node-debuginfo (x86_64, ppc64le, i586, armh, aarch64)
node-devel (x86_64, ppc64le, i586, armh, aarch64)
node-doc (noarch)
npm (noarch)
Maintainer: Vitaly Lipatov
List of contributors:
Vitaly Lipatov
Alexey Shabalin
Pavel Skrylev
Dmitriy Kulik
Mikhail Pokidko
Vitaly Kuznetsov
Vitaly Lipatov
Alexey Shabalin
Pavel Skrylev
Dmitriy Kulik
Mikhail Pokidko
Vitaly Kuznetsov
Last changed
Feb. 18, 2024 Vitaly Lipatov 20.11.1-alt1
- new version 20.11.1 (with rpmrb script) - enable build npm subpackage - CVE-2024-21892: Code injection and privilege escalation through Linux capabilities- (High) - CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High) - CVE-2024-21896: Path traversal by monkey-patching Buffer internals- (High) - CVE-2024-22017: setuid() does not drop all privileges due to io_uring - (High) - CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium) - CVE-2024-21891: Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium) - CVE-2024-21890: Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium) - CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium) - libuv >= 1.48.0
Feb. 5, 2024 Vitaly Lipatov 20.11.0-alt1
- new version 20.11.0 (with rpmrb script) - set npm >= 10.2.4, c-ares >= 1.20.1
Nov. 2, 2023 Vitaly Lipatov 20.9.0-alt1
- 2023-10-24, Version 20.9.0 'Iron' (LTS) - set npm >= 10.1.0, libuv >= 1.46.0, libicu >= 7.3, libnghttp2 >= 1.57.0