Release proposal: v0.10.48 #9154

Merged
merged 4 commits into from
Oct 18, 2016

rvagg (Member) commented Oct 18, 2016

2016-10-18, Version 0.10.48 (Maintenance), @rvagg

This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/ for details on patched vulnerabilities.

Notable changes:

Commits:

PR-URL: nodejs#9107
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Backport of nodejs#8849 for c-ares
1.9.0.

Incorrect string length calculation when passing escaped dot.

- CVE: CVE-2016-5180
- Upstream bug: https://c-ares.haxx.se/adv_20160929.html

PR-URL: nodejs#9108
Reviewed-By: Ben Noordhuis <[email protected]>
nodejs-github-bot added the cares, tls and v0.10 labels Oct 18, 2016

rvagg (Member, Author) commented Oct 18, 2016

PR-URL: nodejs#9155
Reviewed-By: Johan Bergström <[email protected]>
Reviewed-By: João Reis <[email protected]>
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/
for details on patched vulnerabilities.

Notable changes:

* c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more
  information at https://c-ares.haxx.se/adv_20160929.html
  (Rod Vagg)

PR-URL: nodejs#9154
rvagg merged commit 262dd62 into nodejs:v0.10 Oct 18, 2016
rvagg added a commit that referenced this pull request Oct 18, 2016
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/
for details on patched vulnerabilities.

Notable changes:

* c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more
  information at https://c-ares.haxx.se/adv_20160929.html
  (Rod Vagg)

PR-URL: #9154