oss-sec mailing list archives

Re: Fwd: Node.js security updates for all active release lines, November 2022

From: Jan Schaumann <jschauma () netmeister org>
Date: Wed, 2 Nov 2022 08:31:47 -0400

"soyjuanarbol () gmail com" <soyjuanarbol () gmail com> wrote:

The Node.js project will release new versions of all supported release 
lines on or shortly after Thursday, 3rd of November, 2022
For more information see: 
https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/


Perhaps worth noting: I believe NodeJS 17.x is also
impacted by OpenSSL CVE-2022-3602 and CVE-2022-3786 --
like > 18.x, 17.x also includes the OpenSSL 3.0.x fork
quictls.

However, nodejs 17.x is EOL, so won't see an update.
Good thing nobody ever runs EOL'd software!

-Jan

Current thread:

Fwd: Node.js security updates for all active release lines, November 2022 soyjuanarbol () gmail com (Nov 02)
- Re: Fwd: Node.js security updates for all active release lines, November 2022 Jan Schaumann (Nov 02)
- <Possible follow-ups>
- Fwd: Node.js security updates for all active release lines, November 2022 soyjuanarbol () gmail com (Nov 04)