NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
597136c2be
kumquat-buildroot/package/nodejs/nodejs.hash
Peter Korsgaard 7f02604553 nodejs: security bump to version 8.11.1 
Fixes the following security issues:

- Fix for inspector DNS rebinding vulnerability (CVE-2018-7160): A malicious
  website could use a DNS rebinding attack to trick a web browser to bypass
  same-origin-policy checks and allow HTTP connections to localhost or to
  hosts on the local network, potentially to an open inspector port as a
  debugger, therefore gaining full code execution access.  The inspector now
  only allows connections that have a browser Host value of localhost or
  localhost6.

- Fix for 'path' module regular expression denial of service
  (CVE-2018-7158): A regular expression used for parsing POSIX paths could
  be used to cause a denial of service if an attacker were able to have a
  specially crafted path string passed through one of the impacted 'path'
  module functions.

- Reject spaces in HTTP Content-Length header values (CVE-2018-7159): The
  Node.js HTTP parser allowed for spaces inside Content-Length header
  values.  Such values now lead to rejected connections in the same way as
  non-numeric values.

While we are at it, also add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-31 17:09:42 +02:00

6 lines
252 B
Plaintext
Raw Blame History

# From http://nodejs.org/dist/v8.11.1/SHASUMS256.txt
sha256 40a6eb51ea37fafcf0cfb58786b15b99152bec672cccf861c14d1cca0ad4758a node-v8.11.1.tar.xz
# Hash for license file
sha256 b87be6c1479ed977481115869c2dd8b6d59e5ea55aa09939d6c898242121b2f5 LICENSE
Reference in New Issue View Git Blame Copy Permalink