package/nodejs: security bump to version 8.11.3 (64baf3de) · Commits · Arm Reference Solutions / buildroot

Commit 64baf3de authored Jun 16, 2018 by Martin Bark Committed by Thomas Petazzoni Jun 17, 2018

package/nodejs: security bump to version 8.11.3

Fixes the following security issues:

- (CVE-2018-7167): Fixes Denial of Service vulnerability where calling
  Buffer.fill() could hang

- (CVE-2018-7161): Fixes Denial of Service vulnerability by updating the
  http2 implementation to not crash under certain circumstances during
  cleanup

- (CVE-2018-1000168): Fixes Denial of Service vulnerability by upgrading
  nghttp2 to 1.32.0

See https://nodejs.org/en/blog/release/v8.11.3/

 for more details

Signed-off-by: Martin Bark <martin@barkynet.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

parent 88813806

Hide whitespace changes

Inline Side-by-side

Please register or to comment