From dd1977f3ddda8bb0b939699cae998e4e72d3677a Mon Sep 17 00:00:00 2001
From: RafaelGSS
Date: Mon, 13 Feb 2023 17:12:17 -0300
Subject: [PATCH] 2023-02-16, Version 19.6.1 (Current)

This is a security release.

The following CVEs are fixed in this release:

- CVE-2023-23919: OpenSSL errors not cleared in error stack (Medium)
- CVE-2023-23918: Experimental Policies bypass via `process.mainModule.require` (High)
- CVE-2023-23920: Insecure loading of ICU data through ICU_DATA environment variable (Low)
- OpenSSL 3.0.8
- undici 5.19.1

PR-URL: #385
---
 CHANGELOG.md                    |  3 ++-
 doc/changelogs/CHANGELOG_V19.md | 35 ++++++++++++++++++++++++++++++++-
 2 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index be7c92064804af..3237e44e291de0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -35,7 +35,8 @@ release.
-19.6.0
+19.6.1
+19.6.0
19.5.0
19.4.0
19.3.0
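Review bot: the removed `-19.6.0` and re-added `+19.6.0` lines read identically in this hunk, so the actual change to the 19.6.0 entry (presumably only the markup that marks the current release moving to 19.6.1) is not visible here; confirm it is that and not whitespace-only churn. The new `+19.6.1` entry is in the right place for the newest-first ordering that 19.5.0/19.4.0/19.3.0 below follow.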
diff --git a/doc/changelogs/CHANGELOG_V19.md b/doc/changelogs/CHANGELOG_V19.md index 3df0483a66b4b8..dcf7a7a2cc8178 100644 --- a/doc/changelogs/CHANGELOG_V19.md +++ b/doc/changelogs/CHANGELOG_V19.md @@ -8,7 +8,8 @@ -19.6.0
+19.6.1
+19.6.0
19.5.0
19.4.0
19.3.0
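Review bot: same identical-looking remove/re-add of `19.6.0` as in CHANGELOG.md above; both version indexes should carry exactly the same markup change so the two files stay in sync. Also check that the new `19.6.1` index entry points at the section header this patch adds further down in the same file.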
@@ -41,6 +42,38 @@ * [io.js](CHANGELOG_IOJS.md) * [Archive](CHANGELOG_ARCHIVE.md) + + +## 2023-02-16, Version 19.6.1 (Current), @RafaelGSS + +This is a security release. + +### Notable Changes + +The following CVEs are fixed in this release: + +* **[CVE-2023-23919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23919)**: OpenSSL errors not cleared in error stack (Medium) +* **[CVE-2023-23918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23918)**: Experimental Policies bypass via `process.mainModule.require`(High) +* **[CVE-2023-23920](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23920)**: Insecure loading of ICU data through ICU\_DATA environment variable (Low) + +More detailed information on each of the vulnerabilities can be found in [February 2023 Security Releases](https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/) blog post. + +This security release includes OpenSSL security updates as outlined in the recent +[OpenSSL security advisory](https://www.openssl.org/news/secadv/20230207.txt) and `undici` security update. 
+ +### Commits + +* \[[`97d9d55d2f`](https://github.com/nodejs/node/commit/97d9d55d2f)] - **build**: build ICU with ICU\_NO\_USER\_DATA\_OVERRIDE (RafaelGSS) [nodejs-private/node-private#374](https://github.com/nodejs-private/node-private/pull/374) +* \[[`8ac90e6372`](https://github.com/nodejs/node/commit/8ac90e6372)] - **crypto**: clear OpenSSL error on invalid ca cert (RafaelGSS) [nodejs-private/node-private#368](https://github.com/nodejs-private/node-private/pull/368) +* \[[`10a4c47e3a`](https://github.com/nodejs/node/commit/10a4c47e3a)] - **deps**: update undici to 5.19.1 (Node.js GitHub Bot) [#46634](https://github.com/nodejs/node/pull/46634) +* \[[`b10fc75e4a`](https://github.com/nodejs/node/commit/b10fc75e4a)] - **deps**: update undici to 5.18.0 (Node.js GitHub Bot) [#46502](https://github.com/nodejs/node/pull/46502) +* \[[`e9b64ea8b9`](https://github.com/nodejs/node/commit/e9b64ea8b9)] - **deps**: update undici to 5.17.1 (Node.js GitHub Bot) [#46502](https://github.com/nodejs/node/pull/46502) +* \[[`66a24cec47`](https://github.com/nodejs/node/commit/66a24cec47)] - **deps**: cherry-pick Windows ARM64 fix for openssl (Richard Lau) [#46573](https://github.com/nodejs/node/pull/46573) +* \[[`d8559aa6f5`](https://github.com/nodejs/node/commit/d8559aa6f5)] - **deps**: update archs files for quictls/openssl-3.0.8+quic (RafaelGSS) [#46573](https://github.com/nodejs/node/pull/46573) +* \[[`dc477f547d`](https://github.com/nodejs/node/commit/dc477f547d)] - **deps**: upgrade openssl sources to quictls/openssl-3.0.8+quic (RafaelGSS) [#46573](https://github.com/nodejs/node/pull/46573) +* \[[`2aae197670`](https://github.com/nodejs/node/commit/2aae197670)] - **lib**: makeRequireFunction patch when experimental policy (RafaelGSS) [nodejs-private/node-private#358](https://github.com/nodejs-private/node-private/pull/358) +* \[[`6d17b693ec`](https://github.com/nodejs/node/commit/6d17b693ec)] - **policy**: makeRequireFunction on mainModule.require (RafaelGSS) 
[nodejs-private/node-private#358](https://github.com/nodejs-private/node-private/pull/358) + ## 2023-02-02, Version 19.6.0 (Current), @ruyadorno
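Review bot: the Notable Changes paragraph says the release "includes ... `undici` security update" without naming the version or the issue it fixes, while OpenSSL gets an advisory link; state the version (the commit list and the commit message both say 5.19.1) and link the corresponding undici advisory, and fix the grammar to "and an `undici` security update". Two style points in the same hunk: the CVE-2023-23918 bullet is missing a space before the severity, so `process.mainModule.require`(High) should read `process.mainModule.require` (High) (the commit message has the same typo), and the CVE list is ordered Medium, High, Low; listing High first puts the policy bypass, the most serious fix, at the top. In the Commits list, the `deps: update undici to 5.18.0` and `deps: update undici to 5.17.1` entries both cite [#46502](https://github.com/nodejs/node/pull/46502); confirm that is one PR carrying two commits rather than a wrong PR number on the 5.18.0 entry.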