File _patchinfo of Package patchinfo.16598

<patchinfo incident="16598">
  <issue tracker="cve" id="2020-11080"/>
  <issue tracker="cve" id="2020-7598"/>
  <issue tracker="cve" id="2020-15095"/>
  <issue tracker="cve" id="2020-8174"/>
  <issue tracker="bnc" id="1166916">VUL-0: CVE-2020-7598: nodejs,nodejs12,nodejs10,nodejs4,nodejs6,nodejs8: nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload</issue>
  <issue tracker="bnc" id="1172686">nodejs8/10/12 fail on ReqWrapList test with GCC10 on aarch64</issue>
  <issue tracker="bnc" id="1172442">VUL-0: CVE-2020-11080: nodejs12,nodejs10: HTTP/2 Large Settings Frame DoS</issue>
  <issue tracker="bnc" id="1172443">VUL-0: CVE-2020-8174: nodejs,nodejs12,nodejs10,nodejs4,nodejs6,nodejs8: napi_get_value_string_*() allows various kinds of memory corruption</issue>
  <issue tracker="bnc" id="1172728">npm missing Requires on nodejs</issue>
  <issue tracker="bnc" id="1173937">VUL-0: CVE-2020-15095: nodejs8,nodejs6,nodejs12,nodejs10: information leak through log files</issue>
  <packager>adamm</packager>
  <rating>critical</rating>
  <category>security</category>
  <summary>Security update for nodejs8</summary>
  <description>This update for nodejs8 fixes the following issues:

- CVE-2020-8174: Fixed multiple memory corruption in napi_get_value_string_*() (bsc#1172443).
- CVE-2020-11080: Fixed a potential denial of service when receiving unreasonably large HTTP/2 SETTINGS frames (bsc#1172442). 
- CVE-2020-7598: Fixed an issue which could have tricked minimist into adding or modifying 
  properties of Object.prototype (bsc#1166916)
- CVE-2020-15095: Fixed information leak through log files (bsc#1173937).
- Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation on Aarch64 with gcc10 (bsc#1172686).
- Add Require for nodejs8 when intalling npm8 (bsc#1172728)
</description>
</patchinfo>