29301 – nodejs new security issue CVE-2021-22930

Bug 29301 - nodejs new security issue CVE-2021-22930

Summary: nodejs new security issue CVE-2021-22930

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	8
Hardware:	All Linux

Priority:	Normal Severity: critical
Target Milestone:	---
Assignee:	QA Team
QA Contact:	Sec team

URL:
Whiteboard:	MGA8-64-OK
Keywords:	advisory, validated_update

Depends on:
Blocks:

Reported:	2021-07-30 16:26 CEST by David Walser
Modified:	2021-08-06 11:35 CEST (History)
CC List:	5 users (show)

See Also:
Source RPM:	nodejs-14.17.3-1.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2021-07-30 16:26:22 CEST

Nodejs has issued an advisory today (July 30):
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/

The issue is fixed upstream in 14.17.4:
https://nodejs.org/en/blog/release/v14.17.4/

Mageia 8 is also affected.

David Walser 2021-07-30 16:26:40 CEST

Status comment: (none) => Fixed upstream in 14.17.4
Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2021-07-30 20:27:18 CEST

Joseph is both registered & an active maintainer of this, so assigning thus.

Assignee: bugsquad => joequant

Comment 2 Nicolas Lécureuil 2021-07-31 15:55:35 CEST

fixed in mga8/9:

src:
    - nodejs-14.17.4-1.mga8

Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)
Assignee: joequant => qa-bugs
Status comment: Fixed upstream in 14.17.4 => (none)
CC: (none) => joequant, mageia

Comment 3 David Walser 2021-07-31 17:18:40 CEST

nodejs-14.17.4-1.mga8
nodejs-docs-14.17.4-1.mga8
nodejs-libs-14.17.4-1.mga8
nodejs-devel-14.17.4-1.mga8
v8-devel-8.4.371.23.mga8-1.mga8
npm-6.14.14-1.14.17.4.1.mga8

from nodejs-14.17.4-1.mga8.src.rpm

Comment 4 Herman Viaene 2021-08-03 16:50:24 CEST

MGA8-64 Plasma on Lenovo B50
No installation issues.
Ref bug 29028 Comment 8 for test
"Hello world" displays OK.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 5 Thomas Andrews 2021-08-06 02:56:43 CEST

Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2021-08-06 10:43:06 CEST

Keywords: (none) => advisory

Comment 6 Mageia Robot 2021-08-06 11:35:21 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0394.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.