File _patchinfo of Package patchinfo.8543

<patchinfo incident="8543">
  <issue tracker="bnc" id="1105019">VUL-0: CVE-2018-12115: nodejs4,nodejs6,nodejs8,nodejs10: Out of bounds (OOB) write</issue>
  <issue tracker="bnc" id="1097748">devel:languages:nodejs/nodejs8: installing nodejs8 also installs nodejs9 and npm9 (instead of npm8)</issue>
  <issue tracker="bnc" id="1082318">Packages must not mark license files as %doc</issue>
  <issue tracker="bnc" id="1097158">VUL-0: CVE-2018-0732: openssl1,openssl,compat-openssl098: Reject excessively large primes in DH key generation.</issue>
  <issue tracker="bnc" id="1091764">[staging] FTBFS: nojdejs8 fails to build against icu 61.1</issue>
  <issue tracker="cve" id="2018-0732"/>
  <issue tracker="cve" id="2018-12115"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>adamm</packager>
  <description>This update for nodejs4 fixes the following issues:

Security issues fixed:

- CVE-2018-12115: Fixed an out-of-bounds memory write in Buffer that could be
  used to write to memory outside of a Buffer's memory space buffer (bsc#1105019)
- Upgrade to OpenSSL 1.0.2p, which fixed:
  - CVE-2018-0732: Client denial-of-service due to large DH parameter (bsc#1097158)
  - ECDSA key extraction via local side-channel

Other changes made:

- Recommend same major version npm package (bsc#1097748)
- Use absolute paths in executable shebang lines
- Fix building with ICU61.1 (bsc#1091764)
- Install license with %license, not %doc (bsc#1082318)
</description>
  <summary>Security update for nodejs4</summary>
</patchinfo>