Date: Sun, 05 Jul 2015 18:51:37 -0500 From: Mark Felder <feld@...d.me> To: oss-security@...ts.openwall.com Subject: node.js out of band write Node has resolved a security vulnerability in their most recent release but do not appear to have requested a CVE ID. http://blog.nodejs.org/2015/07/03/node-v0-12-6-stable/ Node v0.12.6 (Stable) Sat, 04 Jul 2015 02:34:23 UTC - release This release of Node.js fixes a bug that triggers an out-of-band write in V8's utf-8 decoder. This bug impacts all Buffer to String conversions. This is an important security update as this bug can be used to cause a denial of service attack.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ