Bug 52810 - Обновить node для исправления CVE
Summary: Обновить node для исправления CVE
Status: ASSIGNED
Alias: None
Product: Branch p11
Classification: Unclassified
Component: node (show other bugs)
Version: unspecified
Hardware: x86_64 Linux
: P5 normal
Assignee: Vitaly Lipatov
QA Contact: qa-p11@altlinux.org
URL:
Keywords:
Depends on: 52804
Blocks:
  Show dependency tree
 
Reported: 2025-01-24 14:22 MSK by Vitaly Lipatov
Modified: 2025-01-26 17:53 MSK (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Vitaly Lipatov 2025-01-24 14:22:48 MSK 
* Ср янв 22 2025 Vitaly Lipatov <lav@altlinux.ru> 22.13.1-alt1
- fixed CVEs:
 + CVE-2025-23083: src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
 + CVE-2025-23085: src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
 + CVE-2025-23084: path: fix path traversal in normalize() on Windows (Medium)
 + CVE-2025-22150: Use of Insufficiently Random Values in undici fetch() (Medium)