File _patchinfo of Package patchinfo.20859

<patchinfo incident="20859">
  <issue tracker="cve" id="2021-22940"/>
  <issue tracker="cve" id="2021-22930"/>
  <issue tracker="cve" id="2021-22931"/>
  <issue tracker="cve" id="2021-3672"/>
  <issue tracker="cve" id="2021-22939"/>
  <issue tracker="bnc" id="1189369">VUL-0: CVE-2021-22939: nodejs10,nodejs12,nodejs14,nodejs: Incomplete validation of rejectUnauthorized parameter</issue>
  <issue tracker="bnc" id="1188917">VUL-0: CVE-2021-22930: nodejs10,nodejs12,nodejs14,nodejs: Use after free on close http2 on stream canceling</issue>
  <issue tracker="bnc" id="1189368">VUL-0: CVE-2021-22940: nodejs10,nodejs12,nodejs14,nodejs: Use after free on close http2 on stream canceling</issue>
  <issue tracker="bnc" id="1189370">VUL-0: CVE-2021-22931: nodejs10,nodejs12,nodejs14,nodejs: cares upgrade - Improper handling of untypical characters in domain names</issue>
  <issue tracker="bnc" id="1188881">VUL-0: CVE-2021-3672: c-ares,libcares2: Missing input validation on hostnames</issue>
  <packager>adamm</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for nodejs12</summary>
  <description>This update for nodejs12 fixes the following issues:

Update to 12.22.5:

- CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (bsc#1189370, bsc#1188881)
- CVE-2021-22940: Use after free on close http2 on stream canceling (bsc#1189368)
- CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter (bsc#1189369)
- CVE-2021-22930: http2: fixes use after free on close http2 on stream canceling (bsc#1188917)
</description>
</patchinfo>