Overview

File _patchinfo of Package patchinfo.16600

<patchinfo incident="16600">
  <issue tracker="bnc" id="1176605">VUL-0: CVE-2020-8201: nodejs12, nodejs14, nodejs: HTTP Request Smuggling due to CR-to-Hyphen conversion</issue>
  <issue tracker="bnc" id="1176589">VUL-0: CVE-2020-8252: libuv: buffer overflow in realpath</issue>
  <issue tracker="bnc" id="1173937">VUL-0: CVE-2020-15095: nodejs8,nodejs6,nodejs12,nodejs10: information leak through log files</issue>
  <issue tracker="bnc" id="1172686">nodejs8/10/12 fail on ReqWrapList test with GCC10 on aarch64</issue>
  <issue tracker="cve" id="2020-8252"/>
  <issue tracker="cve" id="2020-15095"/>
  <issue tracker="cve" id="2020-8201"/>
  <packager>adamm</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for nodejs12</summary>
  <description>This update for nodejs12 fixes the following issues:

- nodejs12 was updated to 12.18.4 LTS:
   - CVE-2020-8201: Fixed an HTTP Request Smuggling due to CR-to-Hyphen conversion (bsc#1176605).
   - CVE-2020-8252: Fixed a buffer overflow in realpath (bsc#1176589).
   - CVE-2020-15095: Fixed an information leak through log files (bsc#1173937).
- Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation
  on Aarch64 with gcc10 (bsc#1172686)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places