Date: Thu, 14 Oct 2021 18:31:25 GMT From: "Bradley T. Hughes" <bhughes@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 5cc1cb529d43 - main - security/vuxml: document Node.js October 2021 Security Releases Message-ID: <202110141831.19EIVPZp033234@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by bhughes: URL: https://cgit.FreeBSD.org/ports/commit/?id=5cc1cb529d439922e254a8f2fb05fcb6af270cc4 commit 5cc1cb529d439922e254a8f2fb05fcb6af270cc4 Author: Bradley T. Hughes <bhughes@FreeBSD.org> AuthorDate: 2021-10-14 18:03:21 +0000 Commit: Bradley T. Hughes <bhughes@FreeBSD.org> CommitDate: 2021-10-14 18:31:11 +0000 security/vuxml: document Node.js October 2021 Security Releases https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/ Sponsored by: Miles AS --- security/vuxml/vuln-2021.xml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml index 42300253f921..514be5f87788 100644 --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -1,3 +1,37 @@ + <vuln vid="a9c5e89d-2d15-11ec-8363-0022489ad614"> + <topic>Node.js -- October 2021 Security Releases</topic> + <affects> + <package> + <name>node</name> + <range><lt>16.11.1</lt></range> + </package> + <package> + <name>node14</name> + <range><lt>14.18.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Node.js reports:</p> + <blockquote cite="https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/">; + <h1>HTTP Request Smuggling due to spaced in headers (Medium)(CVE-2021-22959)</h1> + <p>The http parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS).</p> + <h1>HTTP Request Smuggling when parsing the body (Medium)(CVE-2021-22960)</h1> + <p>The parse ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2021-22959</cvename> + <cvename>CVE-2021-22960</cvename> + <url>https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/</url>; + </references> + <dates> + <discovery>2021-10-12</discovery> + <entry>2021-10-14</entry> + </dates> + </vuln> + <vuln vid="2a1b931f-2b86-11ec-8acd-c80aa9043978"> <topic>OpenSSH -- OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202110141831.19EIVPZp033234>