1 Commits

Author SHA256 Message Date
3f386ef218 Backport security fixes from NodeJS 6.x:
  * debugger: prevent the debugger from listening on 0.0.0.0.
    It now defaults to 127.0.0.1.
    CVE-2018-12120.patch - (CVE-2018-12120, bsc#1117625)
  * http:
    + Two-byte characters are now strictly disallowed for the path
      option in HTTP client requests. Paths containing characters
      outside of the range \u0021 - \u00ff will now be rejected
      with a TypeError. This behavior can be reverted if necessary
      by supplying the --security-revert=CVE-2018-12116 command
      line argument (this is not recommended).
      CVE-2018-12116.patch - (CVE-2018-12116, bsc#1117630)
  * util: Fix a bug that would allow a hostname being spoofed when
    parsing URLs with url.parse() with the 'javascript:' protocol.
    CVE-2018-12123.patch - (CVE-2018-12123, bnc#1117629)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=99
2019-01-08 16:04:58 +00:00