Overview

File _patchinfo of Package patchinfo.20335

<patchinfo incident="20335">
  <issue tracker="cve" id="2021-3449"/>
  <issue tracker="cve" id="2020-7774"/>
  <issue tracker="cve" id="2021-27290"/>
  <issue tracker="cve" id="2021-22918"/>
  <issue tracker="cve" id="2021-23362"/>
  <issue tracker="cve" id="2021-3450"/>
  <issue tracker="bnc" id="1183852">VUL-0: CVE-2021-3449: openssl-1_1: NULL pointer deref in signature_algorithms processing</issue>
  <issue tracker="bnc" id="1187973">VUL-0: CVE-2021-22918: nodejs10,nodejs12,nodejs14,nodejs,libuv: libuv upgrade - Out of bounds read</issue>
  <issue tracker="bnc" id="1184450">VUL-0: CVE-2020-7774: nodejs8, nodejs10, nodejs12, nodejs14:  y18n Prototype Pollution</issue>
  <issue tracker="bnc" id="1187977">VUL-0: CVE-2021-23362: nodejs10,nodejs12,nodejs14,nodejs: npm upgrade - hosted-git-info Regular Expression Denial of Service (ReDoS)</issue>
  <issue tracker="bnc" id="1183155">nodejs on i586 fails to build very often</issue>
  <issue tracker="bnc" id="1183851">VUL-0: CVE-2021-3450: openssl-1_1: CA certificate check bypass with X509_V_FLAG_X509_STRICT</issue>
  <issue tracker="bnc" id="1187976">VUL-0: CVE-2021-27290: nodejs10,nodejs12,nodejs14,nodejs: npm upgrade - ssri Regular Expression Denial of Service (ReDoS)</issue>
  <packager>adamm</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for nodejs10</summary>
  <description>This update for nodejs10 fixes the following issues:

Update nodejs10 to 10.24.1.

Including fixes for 

- CVE-2021-22918: libuv upgrade - Out of bounds read (bsc#1187973)
- CVE-2021-27290: ssri Regular Expression Denial of Service (bsc#1187976)
- CVE-2021-23362: hosted-git-info Regular Expression Denial of Service (bsc#1187977)
- CVE-2020-7774: y18n Prototype Pollution (bsc#1184450)
- CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (bsc#1183851)
- CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (bsc#1183852)
- reduce memory footprint of test-worker-stdio (bsc#1183155)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places