kumquat-buildroot/package/nodejs
Peter Korsgaard 7f02604553 nodejs: security bump to version 8.11.1
Fixes the following security issues:

- Fix for inspector DNS rebinding vulnerability (CVE-2018-7160): A malicious
  website could use a DNS rebinding attack to trick a web browser to bypass
  same-origin-policy checks and allow HTTP connections to localhost or to
  hosts on the local network, potentially to an open inspector port as a
  debugger, therefore gaining full code execution access.  The inspector now
  only allows connections that have a browser Host value of localhost or
  localhost6.

- Fix for 'path' module regular expression denial of service
  (CVE-2018-7158): A regular expression used for parsing POSIX paths could
  be used to cause a denial of service if an attacker were able to have a
  specially crafted path string passed through one of the impacted 'path'
  module functions.

- Reject spaces in HTTP Content-Length header values (CVE-2018-7159): The
  Node.js HTTP parser allowed for spaces inside Content-Length header
  values.  Such values now lead to rejected connections in the same way as
  non-numeric values.

While we are at it, also add a hash for the license file.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-03-31 17:09:42 +02:00
..
0001-check-if-uclibc-has-backtrace-support.patch
Config.in package/*/Config.in: fix help text check-package warnings 2017-12-18 09:22:54 +01:00
nodejs.hash nodejs: security bump to version 8.11.1 2018-03-31 17:09:42 +02:00
nodejs.mk nodejs: security bump to version 8.11.1 2018-03-31 17:09:42 +02:00