[Buildroot] [PATCH] nodejs: security bump 0.10.x series to 0.10.48
Peter Korsgaard
peter at korsgaard.com
Fri Dec 2 21:11:13 UTC 2016
>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni at free-electrons.com> writes:
> Hello,
> On Fri, 2 Dec 2016 21:16:52 +0100, Peter Korsgaard wrote:
>> c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more
>> information at https://c-ares.haxx.se/adv_20160929.html
> Thanks. What about our c-ares package itself?
That one was fixed quite some time ago:

commit 2d199dcff054d22a1ccc730fadfc7543b8c6e8f3
Author: Gustavo Zacarias <gustavo at zacarias.com.ar>
Date:   Wed Oct 12 20:17:17 2016 -0300

    c-ares: security bump to version 1.12.0

    Fixes:
    CVE-2016-5180 - ares_create_query single byte out of buffer write

    Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
    Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

I don't know enough about node to know if it can be convinced to use a
system c-ares instead of the embedded copy. Anyone?
--
Bye, Peter Korsgaard