Publishing details

Changelog

nodejs (0.10.25~dfsg2-2ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: CRLF injection vulnerability
    - debian/patches/CVE-2016-5325.patch: Previously, the reason argument
      passed to ServerResponse#writeHead was not being properly validated. One
      could pass CRLFs which could lead to http response splitting. This
      commit changes the behavior to throw an error in the event any invalid
      characters are included in the reason.
      lib/http.js
    - CVE-2016-5325

 -- Mike Salvatore <email address hidden>  Tue, 07 Aug 2018 10:42:55 -0400

Available diffs

Builds

Built packages

Package files