Resolves: RHEL-176172 Resolves: RHEL-189392 Resolves: RHEL-189368 Resolves: RHEL-189350 Resolves: RHEL-186004 Fixes CVE-2026-12151 by updating deps/undici to version 6.27.0. Advisory: https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q Also fixes following CVEs: CVE-2026-48618 tls: normalize hostname for server identity checks. CVE-2026-48933 crypto: guard WebCrypto cipher output length. CVE-2026-48937 deps: fix integration issues with the latest nghttp2. CVE-2026-48930 dns,net: reject hostnames with embedded NUL bytes. CVE-2026-48619 http2: cap originSet size to prevent unbounded memory growth. CVE-2026-48615 lib,test: redact proxy credentials in tunnel errors. CVE-2026-48934 tls: bind reusable sessions to authenticated host. CVE-2026-48928 tls: fix case-sensitive SNI context matching. CVE-2026-48617 permission: handle process.chdir on writereport. CVE-2026-48931 http: fix response queue poisoning in http.Agent. CVE-2026-48935 permission: disable FileHandle utimes with permission model. Update blog: https://nodejs.org/en/blog/release/v22.23.0 Drop downstream nghttp2 patch
4 lines
502 B
Plaintext
4 lines
502 B
Plaintext
SHA512 (node-v22.23.1-stripped.tar.gz) = dee26039e7a6f5d740c9f022ff702699748901c72d77ec41b91f4d9cc295d79596435d3e74446074bee1b34bd18b34f09144cd63266bf68858c975bb9e6339a3
|
|
SHA512 (icu4c-78.2-data-bin-b.zip) = 032a1e519bf92dfa7936ef85ebed697550dbcb4e32c6ecd28ffecb158a403eeff6c0a3545b2551eba73f288e31693be6880e202a38cd86c129dffa395e8ab625
|
|
SHA512 (icu4c-78.2-data-bin-l.zip) = c0b46de115332940d3276763904caa6257eb516edce4382632f4b96a5b010fee4cb06a5e10ef5eee2f881515c1ee8277d9ae59015f6de6fe1d175b9d00dbb1ca
|