From 6385329a48c99187311855bcac34b7d08c4491f3 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Tue, 11 Jan 2022 14:41:52 -0500 Subject: [PATCH] Security release 14.18.3 Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531) Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532) Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533) Prototype pollution via `console.table` properties (Low)(CVE-2022-21824) Signed-off-by: Stephen Gallagher --- nodejs.spec | 10 +++++++++- sources | 2 +- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/nodejs.spec b/nodejs.spec index 9452a3d..9e3446c 100644 --- a/nodejs.spec +++ b/nodejs.spec @@ -20,7 +20,7 @@ %global nodejs_epoch 1 %global nodejs_major 14 %global nodejs_minor 18 -%global nodejs_patch 2 +%global nodejs_patch 3 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h %global nodejs_soversion 83 @@ -668,6 +668,14 @@ end %changelog +* Tue Jan 11 2022 Stephen Gallagher - 1:14.18.3-1 +- Security release 14.18.3 +- Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531) +- Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532) +- Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533) +- Prototype pollution via `console.table` properties (Low)(CVE-2022-21824) + + * Thu Dec 09 2021 Stephen Gallagher - 1:14.18.2-1 - Update to bugfix release 14.18.2 - Fixes a regression in DNS lookups of CNAME records with an underscore diff --git a/sources b/sources index 0e840e8..4acd43b 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (node-v14.18.2-stripped.tar.gz) = 60bbec13348f92f7ab9cb7bb87f6c5d57dbebcb5a7eb18ed694a61302c3ffb0fa85328176d6ca155a4984de8e8a1ec26874cce369f4a9f8c7bd11b9a07b63564 +SHA512 (node-v14.18.3-stripped.tar.gz) = ff091b42b5bb39d95cebc59e538a9ed2c8ecf165ac9c6bd6bfff4e0d3b97b5f52d6365f616cc60f6220e7a65a007f7d8f9dc2bb0cfe264bfe19a0d21e999652c SHA512 (icu4c-69_1-src.tgz) = d4aeb781715144ea6e3c6b98df5bbe0490bfa3175221a1d667f3e6851b7bd4a638fa4a37d4a921ccb31f02b5d15a6dded9464d98051964a86f7b1cde0ff0aab7