NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/nodejs: security bump to version 8.14.0

Browse Source 
Fixes the following security vulnerabilities:

- Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
- Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js)
- Node.js: Hostname spoofing in URL parser for javascript protocol
  (CVE-2018-12123)
- Node.js: HTTP request splitting (CVE-2018-12116)
- OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734)
- OpenSSL: Microarchitecture timing vulnerability in ECC scalar
  multiplication (CVE-2018-5407)

For more details, see the announcement:
https://nodejs.org/en/blog/release/v8.14.0/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit is contained in:
Peter Korsgaard 2018-12-09 23:18:30 +01:00 committed by Thomas Petazzoni
parent e273c36ad0
commit 0de2c9c76c
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
package/nodejs/nodejs.hash
View File

@ -1,5 +1,5 @@
# From https://nodejs.org/dist/v8.12.0/SHASUMS256.txt
sha256 5a9dff58016c18fb4bf902d963b124ff058a550ebcd9840c677757387bce419a node-v8.12.0.tar.xz
# From https://nodejs.org/dist/v8.14.0/SHASUMS256.txt
sha256 8ce252913c9f6aaa9871f2d9661b6e54858dae2f0064bd3c624676edb09083c4 node-v8.14.0.tar.xz
# Hash for license file
sha256 b87be6c1479ed977481115869c2dd8b6d59e5ea55aa09939d6c898242121b2f5 LICENSE

2
package/nodejs/nodejs.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
NODEJS_VERSION = 8.12.0
NODEJS_VERSION = 8.14.0
NODEJS_SOURCE = node-v$(NODEJS_VERSION).tar.xz
NODEJS_SITE = http://nodejs.org/dist/v$(NODEJS_VERSION)
NODEJS_DEPENDENCIES = host-python host-nodejs c-ares \