Path to this page:
Subject: CVS commit: pkgsrc/lang/nodejs
From: Filip Hajny
Date: 2018-08-16 14:23:11
Message id: 20180816122312.07B80FBEC@cvs.NetBSD.org
Log Message:
lang/nodejs: Update to 10.9.0.
- buffer:
- Fix out-of-bounds (OOB) write in `Buffer.write()` for UCS-2
encoding (CVE-2018-12115)
- Fix unintentional exposure of uninitialized memory in
`Buffer.alloc()` (CVE-2018-7166)
- deps:
- Upgrade to OpenSSL 1.1.0i, fixing:
- Client DoS due to large DH parameter (CVE-2018-0732)
- ECDSA key extraction via local side-channel (CVE not assigned)
- Upgrade V8 from 6.7 to 6.8
- Memory reduction and performance improvements
- http: `http.get()` and `http.request()` (and `https` variants) can
now accept three arguments to allow for a `URL` _and_ an `options`
object
Files: