-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Possible wrong CVE-2021-22930 reference (should be CVE-2021-22940) in tagged v16.6.2 / v14.17.5 releases #40306
Comments
@nodejs/security |
cfi-gb
changed the title
Wrong CVE-2021-22930 reference (should be CVE-2021-22940) in tagged v16.6.2 / v14.17.5 releases
Possible wrong CVE-2021-22930 reference (should be CVE-2021-22940) in tagged v16.6.2 / v14.17.5 releases
Oct 4, 2021
Mesteery
added
doc
Issues and PRs related to the documentations.
security
Issues and PRs related to security.
labels
Oct 4, 2021
The changelog should be updated, @cfi-gb analysis is correct. cc @nodejs/releasers |
on it |
@mcollina CVE-2021-22930 seems still private. Is that expected? |
Not really, I just requested pubblication. it'll be out soon. |
targos
added a commit
to targos/node
that referenced
this issue
Oct 4, 2021
targos
added a commit
to targos/nodejs.org
that referenced
this issue
Oct 4, 2021
Changelog fix: #40308 |
targos
added a commit
to nodejs/nodejs.org
that referenced
this issue
Oct 4, 2021
Thanks a lot for everyone contributing to this report. 👍 |
danielleadams
pushed a commit
that referenced
this issue
Oct 5, 2021
Fixes: #40306 PR-URL: #40308 Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Beth Griggs <[email protected]> Reviewed-By: Vladimir de Turckheim <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Rich Trott <[email protected]> Reviewed-By: Juan José Arboleda <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
As this is affecting this repository / the tagged releases of this repo i hope this is the correct place to report this problem, if not please let me know where to forward the following below.
On the following tags:
as well as in the related CHANGELOG_v14.md / CHANGELOG_v16.md the following is stated for the mentioned releases:
Comparing the releases with the announcement here:
https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/
this probably should be the following instead:
due to:
The text was updated successfully, but these errors were encountered: