[ubuntu/trusty-updates] nodejs 0.10.25~dfsg2-2ubuntu1.2 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Fri Aug 10 15:28:10 UTC 2018
nodejs (0.10.25~dfsg2-2ubuntu1.2) trusty-security; urgency=medium
* SECURITY UPDATE: CRLF injection vulnerability
- debian/patches/CVE-2016-5325.patch: Previously, the reason argument
passed to ServerResponse#writeHead was not being properly validated. One
could pass CRLFs which could lead to http response splitting. This
commit changes the behavior to throw an error in the event any invalid
characters are included in the reason.
lib/http.js
- CVE-2016-5325
Date: 2018-08-09 21:07:15.655029+00:00
Changed-By: Mike Salvatore <mike.salvatore at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/nodejs/0.10.25~dfsg2-2ubuntu1.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list