Bug 8274 - [UPDATE REQUEST 2014.1] nodejs 6.11.2
: [UPDATE REQUEST 2014.1] nodejs 6.11.2
Status: VERIFIED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Fresh
: All Linux
: Normal normal
: ---
Assigned To: ROSA Linux Bugs
: ROSA Linux Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-08-24 15:03 MSD by Алзим
Modified: 2017-10-02 15:21 MSD (History)
2 users (show)

See Also:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:
vladimir.potapov: qa_verified+
andrey.bondrov: published+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Алзим 2017-08-24 15:03:51 MSD
Для nodejs вышло критическое обновление.
CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. This patch checks that there is enough data for the required elements of an NAPTR record (2 int16, 3 bytes for string lengths) before processing a record. (David Drysdale)
Comment 1 Алзим 2017-08-24 15:05:04 MSD
nodejs 6.11.2
https://abf.io/build_lists/2888597
https://abf.io/build_lists/2888598
Comment 2 Алзим 2017-09-24 19:26:14 MSD
Пересборка
https://abf.io/build_lists/2895117
https://abf.io/build_lists/2895118
Comment 3 Vladimir Potapov 2017-09-27 16:29:03 MSD
The update is sent to expanded testing
***************************************
Comment 4 Vladimir Potapov 2017-10-02 12:47:00 MSD
nodejs-6.11.2-1
https://abf.io/build_lists/2895117
https://abf.io/build_lists/2895118
************************ Advisory *******************************
nodejs 6.11.2 with CVE-2017-1000381 fix
*****************************************************************
QA Verified