Debian has issued an advisory on February 24: https://www.debian.org/security/2021/dsa-4863 The issues are fixed upstream in 10.24.0 and 14.16.0: https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/ https://nodejs.org/en/blog/release/v10.24.0/ https://nodejs.org/en/blog/release/v14.16.0/ Mageia 7 and Mageia 8 are also affected.
Whiteboard: (none) => MGA8TOO, MGA7TOOStatus comment: (none) => Fixed upstream in 10.24.0 and 14.16.0
Assigning to Joseph, registered & active maintainer.
Assignee: bugsquad => joequant
Mageia 7 update built by Nicolas (Mageia 8 and Cauldron are WIP): nodejs-10.24.0-10.mga7 nodejs-devel-10.24.0-10.mga7 nodejs-libs-10.24.0-10.mga7 v8-devel-6.8.275.32-10.mga7 npm-6.14.11-1.10.24.0.10.mga7 nodejs-docs-10.24.0-10.mga7
CC: (none) => mageia
mga8 rpm is building as we speak.
rpms for mageia 8: v8-devel-8.4.371.19.mga8-1.mga8 nodejs-14.16.0-1.mga8 nodejs-devel-14.16.0-1.mga8 npm-6.14.11-1.14.16.0.1.mga8 nodejs-docs-14.16.0-1.mga8 nodejs-libs-14.16.0-1.mga8
Whiteboard: MGA8TOO, MGA7TOO => MGA7TOOVersion: Cauldron => 8Assignee: joequant => qa-bugs
tested nodejs and npm, no issue
Whiteboard: MGA7TOO => MGA7TOO MGA8-64-OKBlocks: (none) => 28481
Advisory committed to svn. Validating the update.
Keywords: (none) => advisory, validated_updateCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0092.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
Status comment: Fixed upstream in 10.24.0 and 14.16.0 => (none)
(In reply to Nicolas Lécureuil from comment #4) > rpms for mageia 8: > > v8-devel-8.4.371.19.mga8-1.mga8 Interestingly no-one caught this versioning error now reported in https://bugs.mageia.org/show_bug.cgi?id=28767