Now
MAIN commitmail json YAML
Update lang/nodejs4 to 4.6.0.
- openssl: Remove support for loading dynamic third-party engine
modules. An attacker may be able to hide malicious code to be
inserted into Node.js at runtime by masquerading as one of the
dynamic engine modules.
- http: CVE-2016-5325 - Properly validate for allowable characters
in the reason argument in ServerResponse#writeHead().
- buffer: Zero-fill excess bytes in new Buffer objects created
with Buffer.concat() while providing a totalLength parameter
that exceeds the total length of the original Buffer objects
being concatenated.
- tls: CVE-2016-7099 - Fix invalid wildcard certificate validation
check whereby a TLS server may be able to serve an invalid
wildcard certificate for its hostname due to improper validation
of *. in the wildcard string.
- openssl: Remove support for loading dynamic third-party engine
modules. An attacker may be able to hide malicious code to be
inserted into Node.js at runtime by masquerading as one of the
dynamic engine modules.
- http: CVE-2016-5325 - Properly validate for allowable characters
in the reason argument in ServerResponse#writeHead().
- buffer: Zero-fill excess bytes in new Buffer objects created
with Buffer.concat() while providing a totalLength parameter
that exceeds the total length of the original Buffer objects
being concatenated.
- tls: CVE-2016-7099 - Fix invalid wildcard certificate validation
check whereby a TLS server may be able to serve an invalid
wildcard certificate for its hostname due to improper validation
of *. in the wildcard string.