From: Jonathan Brielmaier <jonathan.brielmaier@web.de>
To: Jelle Licht <jlicht@fsfe.org>, 46634@debbugs.gnu.org
Subject: [bug#46634] [PATCH] gnu: node: Update to 10.23.3. [security fixes]
Date: Tue, 23 Feb 2021 20:29:35 +0100
Message-ID: <9a584e1f-4f43-57f6-61ae-4de39c8e8015@web.de>
In-Reply-To: <86czww5nhl.fsf@fsfe.org>

On 19.02.21 12:02, Jelle Licht wrote:
> Hey Guix,
>
> The attached two patches together should address CVE-2020-8287 (in
> Node). I am kind of fuzzy on the details, but to me it seems that the
> vulnerability is actually in http-parser (and llhttp), not node. I
> informed upstream about my findings, but in the meantime we should
> probably apply these.
>
> The node package subsequently has a regression test to demonstrate that
> the applied fix works. Nonetheless, http-parser has quite some
> dependents, and I only verified everything to still work with node.
>
> - Jelle

Impressive work. Looks nice! node-10.23 is required for Firefox >= 86.0
so as well for the next ESR branch of icecat and icedove...