File _patchinfo of Package patchinfo.13494

<patchinfo incident="13494">
  <issue tracker="jsc" id="SLE-8947"/>
  <issue tracker="bnc" id="1146093">VUL-0: CVE-2019-9518: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP/2 implementation is vulnerable to a flood of empty frames, potentially leading to a denial of service</issue>
  <issue tracker="bnc" id="1146095">VUL-0: CVE-2019-9514: nodejs4,nodejs6,nodejs8,nodejs10,nodejs:  HTTP/2 implementation is vulnerable to a reset flood, potentially leading to a denial of service</issue>
  <issue tracker="bnc" id="1146100">VUL-0: CVE-2019-9515: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP/2: flood using SETTINGS frames results in unbounded memory growth</issue>
  <issue tracker="bnc" id="1146099">VUL-0: CVE-2019-9512: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP/2: flood using PING frames results in unbounded memory growth</issue>
  <issue tracker="bnc" id="1140290">VUL-0: CVE-2019-13173: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: nodejs-fstream: File overwrite in fstream.DirWriter() function</issue>
  <issue tracker="bnc" id="1146097">VUL-0: CVE-2019-9517: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP/2 implementations are vulnerable to unconstrained interal data buffering</issue>
  <issue tracker="bnc" id="1146090">VUL-0: CVE-2019-9516: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP/2 implementation is vulnerable to a header leak, potentially leading to a denial of service</issue>
  <issue tracker="bnc" id="1149792">openssl 1.1.1c causes build failures in other packages</issue>
  <issue tracker="bnc" id="1146094">VUL-1: CVE-2019-9513: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP/2 implementation is vulnerable to resource loops, potentially leading to a denial of service.</issue>
  <issue tracker="bnc" id="1146091">VUL-0: CVE-2019-9511: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service</issue>
  <issue tracker="cve" id="2019-9516"/>
  <issue tracker="cve" id="2019-9511"/>
  <issue tracker="cve" id="2019-13173"/>
  <issue tracker="cve" id="2019-9517"/>
  <issue tracker="cve" id="2019-9513"/>
  <issue tracker="cve" id="2019-9515"/>
  <issue tracker="cve" id="2019-9518"/>
  <issue tracker="cve" id="2019-9512"/>
  <issue tracker="cve" id="2019-9514"/>
  <packager>adamm</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for nodejs12</summary>
  <description>This update for nodejs12 fixes the following issues:

Update to LTS release 12.13.0 (jsc#SLE-8947).

Security issues fixed:

- CVE-2019-9511: Fixed the HTTP/2 implementation that was vulnerable to window size manipulations (bsc#1146091).
- CVE-2019-9512: Fixed the HTTP/2 implementation that was vulnerable to floods using PING frames (bsc#1146099).
- CVE-2019-9513: Fixed the HTTP/2 implementation that was vulnerable to resource loops, potentially leading to a denial of service (bsc#1146094).
- CVE-2019-9514: Fixed the HTTP/2 implementation that was vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).
- CVE-2019-9515: Fixed the HTTP/2 implementation that was vulnerable to a SETTINGS frame flood (bsc#1146100).
- CVE-2019-9516: Fixed the HTTP/2 implementation that was vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).
- CVE-2019-9517: Fixed the HTTP/2 implementation that was vulnerable to unconstrained interal data buffering (bsc#1146097).
- CVE-2019-9518: Fixed the HTTP/2 implementation that was vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).
- CVE-2019-13173: Fixed a file overwrite in the fstream.DirWriter() function (bsc#1140290).
</description>
</patchinfo>