[Buildroot] [PATCH] nodejs: security bump to version 8.8.0
Peter Korsgaard
peter at korsgaard.com
Thu Oct 26 11:22:48 UTC 2017
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an
> error to be raised when a raw deflate stream is initialized with windowBits
> set to 8. On some versions this crashes Node and you cannot recover from
> it, while on some versions it throws an exception. Node.js will now
> gracefully set windowBits to 9 replicating the legacy behavior to avoid a
> DOS vector.
> For more details, see the announcement:
> https://nodejs.org/en/blog/vulnerability/oct-2017-dos/
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list