git: ba1131a59aad - main - security/vuxml: document Node.js August 2021 Security Releases (2)
Bradley T. Hughes
bhughes at FreeBSD.org
Tue Sep 21 20:28:49 UTC 2021
The branch main has been updated by bhughes:
URL: https://cgit.FreeBSD.org/ports/commit/?id=ba1131a59aadec6c066c0933159602dd7d036b5a
commit ba1131a59aadec6c066c0933159602dd7d036b5a
Author: Bradley T. Hughes <bhughes at FreeBSD.org>
AuthorDate: 2021-09-21 20:10:07 +0000
Commit: Bradley T. Hughes <bhughes at FreeBSD.org>
CommitDate: 2021-09-21 20:27:13 +0000
security/vuxml: document Node.js August 2021 Security Releases (2)
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/
Sponsored by: Miles AS
---
security/vuxml/vuln-2021.xml | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml
index c1e4db44a3e7..d31a3c2a7732 100644
--- a/security/vuxml/vuln-2021.xml
+++ b/security/vuxml/vuln-2021.xml
@@ -1,3 +1,36 @@
+ <vuln vid="7062bce0-1b17-11ec-9d9d-0022489ad614">
+ <topic>Node.js -- August 2021 Security Releases (2)</topic>
+ <affects>
+ <package>
+ <name>node14</name>
+ <range><lt>14.17.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Node.js reports:</p>
+ <blockquote cite="https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/">
+ <h1>npm 6 update - node-tar, arborist, npm cli modules</h1>
+ <p>These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVE being remediated in core npm CLI dependencies including node-tar, and npm arborist.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2021-32803</cvename>
+ <cvename>CVE-2021-32804</cvename>
+ <cvename>CVE-2021-37701</cvename>
+ <cvename>CVE-2021-37712</cvename>
+ <cvename>CVE-2021-37713</cvename>
+ <cvename>CV#-2021-39134</cvename>
+ <cvename>CVE-2021-39135</cvename>
+ <url>https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/</url>
+ </references>
+ <dates>
+ <discovery>2021-08-31</discovery>
+ <entry>2021-09-21</entry>
+ </dates>
+ </vuln>
+
<vuln vid="b092bd4f-1b16-11ec-9d9d-0022489ad614">
<topic>Node.js -- August 2021 Security Releases</topic>
<affects>
More information about the dev-commits-ports-main
mailing list