Bug 52810

Summary: Обновить node для исправления CVE
Product: Branch p11 Reporter: Vitaly Lipatov <lav>
Component: nodeAssignee: Vitaly Lipatov <lav>
Status: ASSIGNED --- QA Contact: qa-p11 <qa-p11>
Severity: normal    
Priority: P5 CC: amakeenk
Version: unspecified   
Hardware: x86_64   
OS: Linux   
Bug Depends on: 52804    
Bug Blocks:    

Description Vitaly Lipatov 2025-01-24 14:22:48 MSK 
* Ср янв 22 2025 Vitaly Lipatov <lav@altlinux.ru> 22.13.1-alt1
- fixed CVEs:
 + CVE-2025-23083: src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
 + CVE-2025-23085: src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
 + CVE-2025-23084: path: fix path traversal in normalize() on Windows (Medium)
 + CVE-2025-22150: Use of Insufficiently Random Values in undici fetch() (Medium)