File CVE-2023-23920.patch of Package nodejs10

commit 97a0443f1369e65cf656a529b2f5433bfd56ad92
Author: RafaelGSS <rafael.nunu@hotmail.com>
Date:   Wed Jan 18 17:37:37 2023 -0300

    build: build ICU with ICU_NO_USER_DATA_OVERRIDE
    
    CVE-ID: CVE-2023-23920
    Backport-PR-URL: https://github.com/nodejs-private/node-private/pull/377
    PR-URL: https://github.com/nodejs-private/node-private/pull/374
    Refs: https://hackerone.com/bugs?subject=nodejs&report_id=1625036
    Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
    Reviewed-By: Richard Lau <rlau@redhat.com>
    Reviewed-By: Michael Dawson <midawson@redhat.com>

diff --git a/configure.py b/configure.py
index 892e1d4202..9a75dbb76d 100755
--- a/configure.py
+++ b/configure.py
@@ -1487,6 +1487,9 @@ def configure_intl(o):
   # always set icu_small, node.gyp depends on it being defined.
   o['variables']['icu_small'] = b(False)
 
+  # prevent data override
+  o['defines'] += ['ICU_NO_USER_DATA_OVERRIDE']
+
   with_intl = options.with_intl
   with_icu_source = options.with_icu_source
   have_icu_path = bool(options.with_icu_path)
Places

File CVE-2023-23920.patch of Package nodejs10

Places
