Path to this page:
Subject: CVS commit: pkgsrc/lang/nodejs
From: Filip Hajny
Date: 2018-06-14 12:54:26
Message id: 20180614105426.93533FBEC@cvs.NetBSD.org
Log Message:
lang/nodejs: Update to 10.4.1.
- Fixes memory exhaustion DoS (CVE-2018-7164): Fixes a bug introduced
in 9.7.0 that increases the memory consumed when reading from the
network into JavaScript using the net.Socket object directly as a
stream.
- http2
- (CVE-2018-7161): Fixes Denial of Service vulnerability by updating
the http2 implementation to not crash under certain circumstances
during cleanup
- (CVE-2018-1000168): Fixes Denial of Service vulnerability by
upgrading nghttp2 to 1.32.0
- tls (CVE-2018-7162): Fixes Denial of Service vulnerability by
updating the TLS implementation to not crash upon receiving
- n-api: Prevent use-after-free in napi_delete_async_work
Files: