Overview

File _patchinfo of Package patchinfo.13649

<patchinfo incident="13649">
  <issue tracker="bnc" id="1159352">VUL-0: CVE-2019-16777,CVE-2019-16776,CVE-2019-16775: nodejs6,nodejs8,nodejs10,nodejs12: Arbitrary path overwrite and access via "bin" field</issue>
  <issue tracker="bnc" id="1159812">npm10 gyp config points to npm12 include dirs</issue>
  <issue tracker="bnc" id="1149792">openssl 1.1.1c causes build failures in other packages</issue>
  <issue tracker="cve" id="2019-16775"/>
  <issue tracker="cve" id="2019-16777"/>
  <issue tracker="cve" id="2019-16776"/>
  <packager>adamm</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for nodejs10</summary>
  <description>This update for nodejs10 to version 10.18.0 fixes the following issues:

Security issues fixed:

- CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing
    an arbitrary path overwrite and access via "bin" field (bsc#1159352).
- Added support for chacha20-poly1305 for Authenticated encryption (AEAD).

Non-security issues fixed:

- Fixed wrong path in gypi files (bsc#1159812).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places