Fedora alert FEDORA-2014-11065 (nodejs)
| From: | updates@fedoraproject.org | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 20 Update: nodejs-0.10.32-1.fc20 | |
| Date: | Sun, 28 Sep 2014 04:29:33 +0000 | |
| Message-ID: | <20140928042936.99DEB22C66@bastion01.phx2.fedoraproject.org> |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2014-11065 2014-09-19 09:06:26 -------------------------------------------------------------------------------- Name : nodejs Product : Fedora 20 Version : 0.10.32 Release : 1.fc20 URL : http://nodejs.org/ Summary : JavaScript runtime Description : Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. -------------------------------------------------------------------------------- Update Information: This update provides the latest stable version of Node.js and corresponding backports to the v8 package. This update resolves CVE-2013-6668, which has only a minor impact since Node.js is not typically used to execute untrusted JavaScript. For more information on the fixed vulnerability, please see the CVE bugs listed below. Changes in this update include: * v8: fix a crash introduced by previous release (Fedor Indutny) * crypto: use domains for any callback-taking method (Chris Dickinson) * http: do not send `0rnrn` in TE HEAD responses (Fedor Indutny) * querystring: fix unescape override (Tristan Berger) * url: Add support for RFC 3490 separators (Mathias Bynens) * v8: backport CVE-2013-6668 * cluster: disconnect should not be synchronous (Sam Roberts) * fs: fix fs.readFileSync fd leak when get RangeError (Jackson Tian) * stream: fix Readable.wrap objectMode falsy values (James Halliday) * timers: fix timers with non-integer delay hanging. (Julien Gilli) -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 18 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> - 0.10.32-1 - new upstream release 0.10.32 http://blog.nodejs.org/2014/08/19/node-v0-10-31-stable/ http://blog.nodejs.org/2014/09/16/node-v0-10-32-stable/ * Fri Aug 1 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> - 0.10.30-1 - new upstream release 0.10.30 http://blog.nodejs.org/2014/07/31/node-v0-10-30-stable/ * Thu Jun 19 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> - 0.10.29-1 - new upstream release 0.10.29 http://blog.nodejs.org/2014/06/16/node-v0-10-29-stable/ - The invalid UTF8 fix has been reverted since this breaks v8 API, which cannot be done in a stable distribution release. This build of nodejs will behave as if NODE_INVALID_UTF8 was set. For more information on the implications, see: http://blog.nodejs.org/2014/06/16/openssl-and-breaking-ut... * Sat May 3 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> - 0.10.28-1 - new upstream release 0.10.28 There is no dfference between 0.10.27 and 0.10.28 for Fedora, as the only thing updated was npm, which is shipped seperately. The latest was only packaged to avoid confusion. Please see the v0.10.27 changelog for relevant changes in this update: http://blog.nodejs.org/2014/05/01/node-v0-10-27-stable/ * Thu Feb 20 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> - 0.10.26-1 - new upstream release 0.10.26 http://blog.nodejs.org/2014/02/18/node-v0-10-26-stable/ * Fri Feb 14 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> - 0.10.25-2 - rebuild for icu-53 (via v8) * Mon Jan 27 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> - 0.10.25-1 - new upstream release 0.10.25 http://blog.nodejs.org/2014/01/23/node-v0-10-25-stable/ * Thu Dec 19 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> - 0.10.24-1 - new upstream release 0.10.24 http://blog.nodejs.org/2013/12/19/node-v0-10-24-stable/ - upstream install script installs the headers now * Thu Dec 12 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> - 0.10.23-1 - new upstream release 0.10.23 http://blog.nodejs.org/2013/12/11/node-v0-10-23-stable/ * Tue Nov 12 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> - 0.10.22-1 - new upstream release 0.10.22 http://blog.nodejs.org/2013/11/12/node-v0-10-22-stable/ -------------------------------------------------------------------------------- References: [ 1 ] Bug #1074737 - CVE-2013-6668 v8: multiple vulnerabilities fixed in Google Chrome version 33.0.1750.146 https://bugzilla.redhat.com/show_bug.cgi?id=1074737 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update nodejs' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-...