nodejs 4.2.6~dfsg-1ubuntu4.2 source package in Ubuntu
Changelog
nodejs (4.2.6~dfsg-1ubuntu4.2) xenial-security; urgency=medium
* SECURITY UPDATE: CRLF injection vulnerability
- debian/patches/CVE-2016-5325-1.patch: Previously, the reason argument
passed to ServerResponse#writeHead was not being properly validated. One
could pass CRLFs which could lead to http response splitting. This
commit changes the behavior to throw an error in the event any invalid
characters are included in the reason.
lib/_http_common.js
lib/_http_server.js
test/parallel/test-http-status-reason-invalid-chars.js
- debian/patches/CVE-2016-5325-2.patch: The certificates in test fixtures
were set to expire in 999 days since they were generated. That time has
passed, and they have to be reissued. Bump expiration time to 99999 days
for all of them to prevent this from happening again in near future.
- CVE-2016-5325
-- Mike Salvatore <email address hidden> Wed, 08 Aug 2018 10:16:51 -0400
Upload details
- Uploaded by:
- Mike Salvatore
- Uploaded to:
- Xenial
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- web
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Xenial | updates | universe | web | |
| Xenial | security | universe | web |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| nodejs_4.2.6~dfsg.orig.tar.gz | 9.0 MiB | e3527fb8ef9b84f7f44c97bca8862934f5ac2fec4a35ca29fec64ffbefea1ced |
| nodejs_4.2.6~dfsg-1ubuntu4.2.debian.tar.xz | 380.1 KiB | 5295c0e01410f8cbfa4c19863d4c4ad9e7998f77ed1b044414e81408409d72d9 |
| nodejs_4.2.6~dfsg-1ubuntu4.2.dsc | 2.4 KiB | 5c1050445778f139a86313cc8d60c5221c2e5aaaf7333eb422a145eae4574636 |
Available diffs
Binary packages built by this source
- nodejs: evented I/O for V8 javascript
Node.js is a platform built on Chrome's JavaScript runtime for easily
building fast, scalable network applications. Node.js uses an
event-driven, non-blocking I/O model that makes it lightweight and
efficient, perfect for data-intensive real-time applications that run
across distributed devices.
.
Node.js is bundled with several useful libraries to handle server
tasks:
.
System, Events, Standard I/O, Modules, Timers, Child Processes, POSIX,
HTTP, Multipart Parsing, TCP, DNS, Assert, Path, URL, Query Strings.
- nodejs-dbg: evented I/O for V8 javascript (debug)
Node.js is a platform built on Chrome's JavaScript runtime for easily
building fast, scalable network applications. Node.js uses an
event-driven, non-blocking I/O model that makes it lightweight and
efficient, perfect for data-intensive real-time applications that run
across distributed devices.
.
This package contains the debugging symbols.
- nodejs-dbgsym: debug symbols for package nodejs
Node.js is a platform built on Chrome's JavaScript runtime for easily
building fast, scalable network applications. Node.js uses an
event-driven, non-blocking I/O model that makes it lightweight and
efficient, perfect for data-intensive real-time applications that run
across distributed devices.
.
Node.js is bundled with several useful libraries to handle server
tasks:
.
System, Events, Standard I/O, Modules, Timers, Child Processes, POSIX,
HTTP, Multipart Parsing, TCP, DNS, Assert, Path, URL, Query Strings.
- nodejs-dev: evented I/O for V8 javascript (development files)
Node.js is a platform built on Chrome's JavaScript runtime for easily
building fast, scalable network applications. Node.js uses an
event-driven, non-blocking I/O model that makes it lightweight and
efficient, perfect for data-intensive real-time applications that run
across distributed devices.
.
This package is needed to build plugins.
- nodejs-dev-dbgsym: debug symbols for package nodejs-dev
Node.js is a platform built on Chrome's JavaScript runtime for easily
building fast, scalable network applications. Node.js uses an
event-driven, non-blocking I/O model that makes it lightweight and
efficient, perfect for data-intensive real-time applications that run
across distributed devices.
.
This package is needed to build plugins.
- nodejs-legacy: evented I/O for V8 javascript (legacy symlink)
Node.js is a platform built on Chrome's JavaScript runtime for easily
building fast, scalable network applications. Node.js uses an
event-driven, non-blocking I/O model that makes it lightweight and
efficient, perfect for data-intensive real-time applications that run
across distributed devices.
.
This package contains a symlink for legacy Node.js code requiring
binary to be /usr/bin/node (not /usr/bin/nodejs as provided in Debian).
.
No other Debian packages should depend on this package. For more
information, see
<http://lists.debian. org/debian- devel-announce/ 2012/07/ msg00002. html>
