| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-21710
The CVE is fixed in the current recipe version[1], but NVD tracks it
without verison info.
Mark it as patched in the recipe.
[1]: https://github.com/nodejs/node/blob/v22.x/doc/changelogs/CHANGELOG_V22.md
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit b483760dba76bb66bad820ea0246a38692c28c45)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
All these CVEs are fixed in v22.22.2[1], except for CVE-2026-21712,
which does not affect v22 series, because it was introduced in a
later version[2]. All these CVEs are tracked without version info
by NVD at the time of creating this patch.
[1]: https://github.com/nodejs/node/blob/v22.x/doc/changelogs/CHANGELOG_V22.md
[2]: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
|
|
This is the March 2026 security release.
2 high severity issues.
5 medium severity issues.
2 low severity issues.
High priority fixes:
CVE-2026-21637
CVE-2026-21710
Medium priority fixes:
CVE-2026-21711 (affects only nodejs v25)
CVE-2026-21712 (affects only nodejs v24 & v25)
CVE-2026-21713
CVE-2026-21714
CVE-2026-21717
Low priority fixes:
CVE-2026-21715
CVE-2026-21716
https://nodejs.org/en/blog/vulnerability/march-2026-security-releases
Changelog: https://github.com/nodejs/node/releases/tag/v22.22.2
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit d32cd27eaaa13b296c268df234d2fb2cefa62946)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|