UbuntuUpdates.org

Package "nodejs"

Name: nodejs

Description:

evented I/O for V8 javascript

Latest version: 0.10.25~dfsg2-2ubuntu1.2
Release: trusty (14.04)
Level: security
Repository: universe
Homepage: http://nodejs.org/

Links

Save this URL for the latest version of "nodejs": https://www.ubuntuupdates.org/nodejs


Download "nodejs"


Other versions of "nodejs" in Trusty

Repository Area Version
base universe 0.10.25~dfsg2-2ubuntu1
updates universe 0.10.25~dfsg2-2ubuntu1.2
PPA: Chris Lea Nodejs 0.10.37-1chl1~trusty1
PPA: nodejs v012 0.12.18-1nodesource1~trusty1
PPA: Nodejs 7.x 7.10.1-2nodesource1~trusty1
PPA: Nodejs 6.x 6.14.4-1nodesource1

Packages in group

Deleted packages are displayed in grey.

nodejs-dbg nodejs-dev nodejs-legacy

Changelog

Version: 0.10.25~dfsg2-2ubuntu1.2 2018-08-10 16:07:27 UTC

  nodejs (0.10.25~dfsg2-2ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: CRLF injection vulnerability
    - debian/patches/CVE-2016-5325.patch: Previously, the reason argument
      passed to ServerResponse#writeHead was not being properly validated. One
      could pass CRLFs which could lead to http response splitting. This
      commit changes the behavior to throw an error in the event any invalid
      characters are included in the reason.
      lib/http.js
    - CVE-2016-5325

 -- Mike Salvatore <email address hidden> Tue, 07 Aug 2018 10:42:55 -0400

CVE-2016-5325 CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and



About   -   Send Feedback to @ubuntu_updates