UbuntuUpdates.org

Package "nodejs"

Name: nodejs

Description:

evented I/O for V8 javascript

Latest version: 8.10.0~dfsg-2ubuntu0.4
Release: bionic (18.04)
Level: updates
Repository: universe
Homepage: http://nodejs.org/

Links


Download "nodejs"


Other versions of "nodejs" in Bionic

Repository Area Version
base universe 8.10.0~dfsg-2
security universe 8.10.0~dfsg-2ubuntu0.2
PPA: Nodejs 6.x 6.14.1-1nodesource1
PPA: Nodejs 9.x 9.11.2-1nodesource1
PPA: Nodejs 12.x 12.19.1-1nodesource1
PPA: Nodejs 11.x 11.15.0-1nodesource1
PPA: Nodejs 8.x 8.17.0-1nodesource1
PPA: Nodejs 13.x 13.14.0-1nodesource1
PPA: Nodejs 14.x 14.15.1-1nodesource1
PPA: Nodejs 10.x 10.23.0-1nodesource1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 8.10.0~dfsg-2ubuntu0.4 2018-10-29 10:06:14 UTC

  nodejs (8.10.0~dfsg-2ubuntu0.4) bionic; urgency=medium

  * Use openssl1.0 client binary in tests LP: #1798367
    - resurrect fix_sslv3_test.patch
    - revert s_client_tls12.patch, as not needed with old ssl
    - reenable-more-tests.patch - reenable openssl1.0 and zlib tests, they
      should work

 -- Dimitri John Ledkov <email address hidden> Wed, 17 Oct 2018 13:21:44 +0100

Source diff to previous version
1798367 [SRU] nodejs should use openssl1.0 in testing as well

Version: 8.10.0~dfsg-2ubuntu0.3 2018-09-26 08:06:41 UTC

  nodejs (8.10.0~dfsg-2ubuntu0.3) bionic; urgency=medium

  * Force dependency on openssl1.0
    The newer openssl has ABI change, and this version of nodejs
    requires building with the older 1.0.2 version of openssl.
    (LP: #1779863)

 -- Dan Streetman <email address hidden> Mon, 23 Jul 2018 16:12:30 -0400

Source diff to previous version
1779863 Ubuntu nodejs package isn't ABI compatible with mainline nodejs.

Version: 8.10.0~dfsg-2ubuntu0.2 2018-08-14 16:06:33 UTC

  nodejs (8.10.0~dfsg-2ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 DoS vulnerability
    - debian/patches/CVE-2018-7161.patch: An attacker can cause a denial of
       service (DoS) by causing a node server providing an http2 server to
       crash by triggering a cleanup bug (use after free).
    - CVE-2018-7161
  * Fix test failures due to expired certificates
    - debian/patches/regen-test-certs.patch: test: update certificates and
      private keys.

 -- Mike Salvatore <email address hidden> Thu, 09 Aug 2018 14:20:02 -0400

CVE-2018-7161 All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node



About   -   Send Feedback to @ubuntu_updates