Nodejs has issued an advisory on August 11: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/ The issues are fixed upstream in 14.17.5: https://nodejs.org/en/blog/release/v14.17.5/ Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 14.17.5Whiteboard: (none) => MGA8TOO
On August 31 there will be another security update: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/
(In reply to David Walser from comment #1) > On August 31 there will be another security update: > https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/ This advisory is now live. Issues are fixed upstream in 14.17.6: https://nodejs.org/en/blog/release/v14.17.6/
Summary: nodejs new security issues CVE-2021-2293[19] and CVE-2021-22940 => nodejs new security issues CVE-2021-2293[19], CVE-2021-22940, CVE-2021-37701, CVE-2021-3771[23], CVE-2021-3913[45]Status comment: Fixed upstream in 14.17.5 => Fixed upstream in 14.17.6
fixed in mga8 src: - nodejs-14.17.6-1.mga8 version 16.10.0 is in WIP for cauldron.
Assignee: mageia => qa-bugsWhiteboard: MGA8TOO => (none)Status comment: Fixed upstream in 14.17.6 => (none)Version: Cauldron => 8
nodejs-14.17.6-1.mga8 nodejs-docs-14.17.6-1.mga8 nodejs-libs-14.17.6-1.mga8 nodejs-devel-14.17.6-1.mga8 npm-6.14.15-1.14.17.6.1.mga8 v8-devel-8.4.371.23.mga8-1.mga8 from nodejs-14.17.6-1.mga8.src.rpm
MGA8-64 Plasma on Lenovo B50 No installation issues ref bug 29028 Comment 8 for test at CLI $ cd Documenten $ node main.js Server running at http://127.0.0.1:8081/ Then pointing browser to it displays "Hello world" OK for me.
Whiteboard: (none) => MGA8-64-OKCC: (none) => herman.viaene
Validating.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0463.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED