Package "nodejs"

Name: nodejs


evented I/O for V8 javascript

Latest version: 4.2.6~dfsg-1ubuntu4.2
Release: xenial (16.04)
Level: updates
Repository: universe
Homepage: http://nodejs.org/


Download "nodejs"

Other versions of "nodejs" in Xenial

Repository Area Version
base universe 4.2.6~dfsg-1ubuntu4
security universe 4.2.6~dfsg-1ubuntu4.2
PPA: nodejs v012 0.12.18-1nodesource1~xenial1
PPA: Nodejs 7.x 7.10.1-2nodesource1~xenial1
PPA: Nodejs 9.x 9.11.2-1nodesource1
PPA: Nodejs 6.x 6.17.1-1nodesource1
PPA: Nodejs 8.x 8.17.0-1nodesource1

Packages in group

Deleted packages are displayed in grey.


Version: 4.2.6~dfsg-1ubuntu4.2 2018-08-10 17:07:45 UTC

  nodejs (4.2.6~dfsg-1ubuntu4.2) xenial-security; urgency=medium

  * SECURITY UPDATE: CRLF injection vulnerability
    - debian/patches/CVE-2016-5325-1.patch: Previously, the reason argument
      passed to ServerResponse#writeHead was not being properly validated. One
      could pass CRLFs which could lead to http response splitting. This
      commit changes the behavior to throw an error in the event any invalid
      characters are included in the reason.
    - debian/patches/CVE-2016-5325-2.patch: The certificates in test fixtures
      were set to expire in 999 days since they were generated. That time has
      passed, and they have to be reissued. Bump expiration time to 99999 days
      for all of them to prevent this from happening again in near future.
    - CVE-2016-5325

 -- Mike Salvatore <email address hidden> Wed, 08 Aug 2018 10:16:51 -0400

Source diff to previous version
CVE-2016-5325 CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and

Version: 4.2.6~dfsg-1ubuntu4.1 2016-06-22 13:06:58 UTC

  nodejs (4.2.6~dfsg-1ubuntu4.1) xenial; urgency=medium

  * Recompile to resolve miscompilation on s390x architecture. LP:

 -- Dimitri John Ledkov <email address hidden> Fri, 20 May 2016 04:30:23 +0100

About   -   Send Feedback to @ubuntu_updates