Mageia alert MGASA-2015-0454 (uglify-js)
| From: | Mageia Updates <buildsystem-daemon@mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2015-0454: Updated uglify-js packages fix security vulnerability | |
| Date: | Thu, 19 Nov 2015 23:08:59 +0100 | |
| Message-ID: | <20151119220859.625F55C852@valstar.mageia.org> |
MGASA-2015-0454 - Updated uglify-js packages fix security vulnerability Publication date: 19 Nov 2015 URL: http://advisories.mageia.org/MGASA-2015-0454.html Type: security Affected Mageia releases: 5 Description: The UglifyJS node module has a problem where the combination of De Morgan’s Law and non-boolean values can lead to a case where code is incorrectly minified, which can lead to possibly malicious minified JS code. References: - https://bugs.mageia.org/show_bug.cgi?id=16643 - http://openwall.com/lists/oss-security/2015/08/24/5 SRPMS: - 5/core/uglify-js-2.4.24-3.mga5 - 5/core/nodejs-align-text-0.1.3-1.mga5 - 5/core/nodejs-ansi-regex-2.0.0-1.mga5 - 5/core/nodejs-camelcase-1.2.1-1.mga5 - 5/core/nodejs-center-align-0.1.1-1.mga5 - 5/core/nodejs-cliui-3.0.3-1.mga5 - 5/core/nodejs-code-point-at-1.0.0-1.mga5 - 5/core/nodejs-decamelize-1.0.0-1.mga5 - 5/core/nodejs-invert-kv-1.0.0-1.mga5 - 5/core/nodejs-is-buffer-1.1.0-1.mga5 - 5/core/nodejs-is-fullwidth-code-point-1.0.0-1.mga5 - 5/core/nodejs-kind-of-2.0.1-1.mga5 - 5/core/nodejs-lcid-1.0.0-1.mga5 - 5/core/nodejs-longest-1.0.1-1.mga5 - 5/core/nodejs-minimist-1.2.0-1.mga5 - 5/core/nodejs-number-is-nan-1.0.0-1.mga5 - 5/core/nodejs-os-locale-1.4.0-1.mga5 - 5/core/nodejs-repeat-string-1.5.2-1.mga5 - 5/core/nodejs-right-align-0.1.3-1.mga5 - 5/core/nodejs-source-map-0.5.1-1.1.mga5 - 5/core/nodejs-string-width-1.0.1-6.mga5 - 5/core/nodejs-strip-ansi-3.0.0-1.mga5 - 5/core/nodejs-window-size-0.1.2-1.mga5 - 5/core/nodejs-wrap-ansi-1.0.0-1.mga5 - 5/core/nodejs-y18n-3.2.0-1.mga5 - 5/core/nodejs-yargs-3.28.0-2.mga5