mirror of
https://github.com/godotengine/buildroot.git
synced 2025-12-31 09:48:56 +03:00
3b6397c10f
Fixes the following security issues: - CVE-2020-8265: use-after-free in TLSWrap (High) Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits - CVE-2020-8287: HTTP Request Smuggling in nodejs Affected versions of Node.js allow two copies of a header field in a http request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling - CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL pointer de-reference (High) This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20201208.txt Update the license hash for the addition of the (MIT licensed) cjs-module-lexer module:9eb1fa1924Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> (cherry picked from commitecc8f0fe84) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 lines
257 B
Plaintext
6 lines
257 B
Plaintext
# From https://nodejs.org/dist/v12.20.1/SHASUMS256.txt
|
|
sha256 e00eee325d705b2bfa9929b7d061eb2315402d7e8548945eac9870bf84321853 node-v12.20.1.tar.xz
|
|
|
|
# Hash for license file
|
|
sha256 221417a7ca275112a5ac54639b36ee3c5184e74631ea1e1b01b701293b655190 LICENSE
|