[Buildroot] [PATCH 1/1] package/nodejs: security bump to version 8.11.3

Peter Korsgaard peter at korsgaard.com
Tue Jul 17 07:29:57 UTC 2018


>>>>> "Martin" == Martin Bark <martin at barkynet.com> writes:

 > Fixes the following security issues:
 > - (CVE-2018-7167): Fixes Denial of Service vulnerability where calling
 >   Buffer.fill() could hang

 > - (CVE-2018-7161): Fixes Denial of Service vulnerability by updating the
 >   http2 implementation to not crash under certain circumstances during
 >   cleanup

 > - (CVE-2018-1000168): Fixes Denial of Service vulnerability by upgrading
 >   nghttp2 to 1.32.0

 > See https://nodejs.org/en/blog/release/v8.11.3/ for more details

 > Signed-off-by: Martin Bark <martin at barkynet.com>

Committed to 2018.05.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list