Possible wrong CVE-2021-22930 reference (should be CVE-2021-22940) in tagged v16.6.2 / v14.17.5 releases #40306
Comments
|
@nodejs/security |
cfi-gb
changed the title
Mesteery
added
doc
|
The changelog should be updated, @cfi-gb analysis is correct. cc @nodejs/releasers |
|
on it |
|
@mcollina CVE-2021-22930 seems still private. Is that expected? |
|
Not really, I just requested pubblication. it'll be out soon. |
targos
added a commit
to targos/node
that referenced
this issue
Oct 4, 2021
targos
added a commit
to targos/nodejs.org
that referenced
this issue
Oct 4, 2021
|
Changelog fix: #40308 |
targos
added a commit
to nodejs/nodejs.org
that referenced
this issue
Oct 4, 2021
|
Thanks a lot for everyone contributing to this report. 👍 |
danielleadams
pushed a commit
that referenced
this issue
Oct 5, 2021
Fixes: #40306 PR-URL: #40308 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Beth Griggs <bgriggs@redhat.com> Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As this is affecting this repository / the tagged releases of this repo i hope this is the correct place to report this problem, if not please let me know where to forward the following below.
On the following tags:
as well as in the related CHANGELOG_v14.md / CHANGELOG_v16.md the following is stated for the mentioned releases:
Comparing the releases with the announcement here:
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/
this probably should be the following instead:
due to:
The text was updated successfully, but these errors were encountered: