node icon indicating copy to clipboard operation
node copied to clipboard
verified publisher icon nodejs

[v20.x] deps: V8: backport 2944ee9846e7 (CVE-2024-4947)

Open giancorderoortiz opened this issue 1 year ago • 7 comments

V8 backport of https://github.com/v8/v8/commit/2944ee9846e Applicable to v20.x Fixes CVE-2024-4947 which has been tagged by CISA as KEV.

giancorderoortiz avatar Sep 05 '24 23:09 giancorderoortiz

Review requested:

  • [ ] @nodejs/gyp
  • [ ] @nodejs/security-wg
  • [ ] @nodejs/v8-update

nodejs-github-bot avatar Sep 05 '24 23:09 nodejs-github-bot

CI: https://ci.nodejs.org/job/node-test-pull-request/62096/

nodejs-github-bot avatar Sep 07 '24 07:09 nodejs-github-bot

V8 CI: https://ci.nodejs.org/job/node-test-commit-v8-linux/nodes=benchmark-ubuntu2204-intel-64,v8test=v8test/6178/

nodejs-github-bot avatar Sep 07 '24 07:09 nodejs-github-bot

V8 CI: https://ci.nodejs.org/job/node-test-commit-v8-linux/nodes=rhel8-s390x,v8test=v8test/6178/

nodejs-github-bot avatar Sep 07 '24 07:09 nodejs-github-bot

As per policy this patch needs to be released on an Current branch (v22.x) and wait 2 weeks before being backported to an LTS branch

marco-ippolito avatar Sep 07 '24 07:09 marco-ippolito

V8 CI: https://ci.nodejs.org/job/node-test-commit-v8-linux/nodes=rhel8-ppc64le,v8test=v8test/6178/

nodejs-github-bot avatar Sep 07 '24 07:09 nodejs-github-bot

@marco-ippolito the information I have is that this backport has been applied to V8 version https://github.com/v8/v8/releases/tag/12.4.254.17 by commit https://github.com/v8/v8/commit/428311441d4 NodeJs version 22.8.0 is using V8 version 12.4.254.21. I'd assume the backport is already applied Current branch (v22.x), no? (https://github.com/nodejs/node/blob/v22.8.0/deps/v8/include/v8-version.h)

giancorderoortiz avatar Sep 08 '24 14:09 giancorderoortiz

v20 is now in maintainance, like v18 I dont think these is going to be backported.

marco-ippolito avatar Jan 22 '25 13:01 marco-ippolito