[Buildroot] [PATCH 1/1] package/nodejs: security bump to version 8.11.3
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Sun Jun 17 12:04:35 UTC 2018
Hello,
On Sat, 16 Jun 2018 23:44:08 +0100, Martin Bark wrote:
> Fixes the following security issues:
>
> - (CVE-2018-7167): Fixes Denial of Service vulnerability where calling
> Buffer.fill() could hang
>
> - (CVE-2018-7161): Fixes Denial of Service vulnerability by updating the
> http2 implementation to not crash under certain circumstances during
> cleanup
>
> - (CVE-2018-1000168): Fixes Denial of Service vulnerability by upgrading
> nghttp2 to 1.32.0
>
> See https://nodejs.org/en/blog/release/v8.11.3/ for more details
>
> Signed-off-by: Martin Bark <martin at barkynet.com>
> ---
> package/nodejs/nodejs.hash | 4 ++--
> package/nodejs/nodejs.mk | 2 +-
> 2 files changed, 3 insertions(+), 3 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com
More information about the buildroot
mailing list