[ubuntu/jammy-security] nodejs 12.22.9~dfsg-1ubuntu3.2 (Accepted)
Amir Naseredini
amir.naseredini at canonical.com
Tue Nov 21 09:17:11 UTC 2023
nodejs (12.22.9~dfsg-1ubuntu3.2) jammy-security; urgency=medium
* SECURITY UPDATE: Arbitrary Code Execution
- debian/patches/CVE-2022-32212-1.patch: fixed IPv4 validation in
inspector_socket
- debian/patches/CVE-2022-32212-2.patch: fixed IPv4 non routable validation
- debian/patches/CVE-2022-32213-1.patch: add common.mustSucceed for the -2
patch
- debian/patches/CVE-2022-32213-2.patch: stricter Transfer-Encoding and
header separator parsing. Also fixes CVE-2022-32214 and CVE-2022-32215
- debian/patches/CVE-2022-32213-3.patch: disabled chunked encoding when OBS
fold is used. Also fixes CVE-2022-35256.
- debian/patches/CVE-2022-43548.patch: harden IP address validation again
- CVE-2022-32212
- CVE-2022-32213
- CVE-2022-32214
- CVE-2022-32215
- CVE-2022-35256
- CVE-2022-43548
Date: 2023-11-17 22:21:11.938809+00:00
Changed-By: Amir Naseredini <amir.naseredini at canonical.com>
https://launchpad.net/ubuntu/+source/nodejs/12.22.9~dfsg-1ubuntu3.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list