node icon indicating copy to clipboard operation
node copied to clipboard
verified publisher icon nodejs

deps: V8: backport f320600cd1f4 (V20.x CVE-2024-4761)

Open giancorderoortiz opened this issue 1 year ago • 6 comments

V8 Backport of https://github.com/v8/v8/commit/f320600cd1f48ba6bb57c0395823fe0c5e5ec52e

Fixes https://github.com/advisories/GHSA-8q82-45v9-cmr9, which has been tagged by CISA as KEV.

giancorderoortiz avatar Aug 27 '24 22:08 giancorderoortiz

Review requested:

  • [ ] @nodejs/gyp
  • [ ] @nodejs/security-wg
  • [ ] @nodejs/v8-update

nodejs-github-bot avatar Aug 27 '24 22:08 nodejs-github-bot

Latest Node 20 minor version has V8 11.3.244.8. See https://github.com/nodejs/node/blob/v20.17.0/deps/v8/include/v8-version.h CVE-2024-4761 fixed in V8 version 12.6.213 by https://github.com/v8/v8/commit/f320600cd1f48ba6bb57c0395823fe0c5e5ec52e Hence the need for a backport.

giancorderoortiz avatar Aug 27 '24 22:08 giancorderoortiz

CI: https://ci.nodejs.org/job/node-test-pull-request/62126/

nodejs-github-bot avatar Sep 07 '24 23:09 nodejs-github-bot

V8 CI: https://ci.nodejs.org/job/node-test-commit-v8-linux/nodes=rhel8-ppc64le,v8test=v8test/6180/

nodejs-github-bot avatar Sep 07 '24 23:09 nodejs-github-bot

V8 CI: https://ci.nodejs.org/job/node-test-commit-v8-linux/nodes=rhel8-s390x,v8test=v8test/6180/

nodejs-github-bot avatar Sep 07 '24 23:09 nodejs-github-bot

V8 CI: https://ci.nodejs.org/job/node-test-commit-v8-linux/nodes=benchmark-ubuntu2204-intel-64,v8test=v8test/6180/

nodejs-github-bot avatar Sep 07 '24 23:09 nodejs-github-bot

v20 is now in maintainance, like v18 I dont think this is going to be backported.

marco-ippolito avatar Jan 22 '25 13:01 marco-ippolito