Overview

File _patchinfo of Package patchinfo.36724

<patchinfo incident="36724">
  <issue tracker="cve" id="2024-21538"/>
  <issue tracker="bnc" id="1233856">VUL-0: CVE-2024-21538: nodejs20,nodejs22,nodejs18: cross-spawn: regular expression denial of service</issue>
  <packager>adamm</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for nodejs20</summary>
  <description>This update for nodejs20 fixes the following issues:
  
- CVE-2024-21538: Fixed regular expression denial of service in cross-spawn dependency (bsc#1233856)

Other fixes:
- Updated to 20.18.1:
  * Experimental Network Inspection Support in Node.js
  * Exposes X509_V_FLAG_PARTIAL_CHAIN to tls.createSecureContext
  * New option for vm.createContext() to create a context with a
    freezable globalThis
  * buffer: optimize createFromString
- Changes in 20.17.0:
  * module: support require()ing synchronous ESM graphs
  * path: add matchesGlob method
  * stream: expose DuplexPair API
- Changes in 20.16.0:
  * process: add process.getBuiltinModule(id)
  * inspector: fix disable async hooks on Debugger.setAsyncCallStackDepth
  * buffer: add .bytes() method to Blob
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places