From 0cdd41cab9c696c5a701332b7c529ffc9458f296 Mon Sep 17 00:00:00 2001 From: Nick Schonning Date: Mon, 5 Aug 2019 13:41:11 -0400 Subject: [PATCH] typo: Double word "that" --- locale/en/blog/vulnerability/openssl-march-2016.md | 2 +- locale/en/blog/vulnerability/openssl-may-2016.md | 2 +- locale/en/blog/vulnerability/openssl-november-2017.md | 2 +- .../en/blog/vulnerability/september-2016-security-releases.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/locale/en/blog/vulnerability/openssl-march-2016.md b/locale/en/blog/vulnerability/openssl-march-2016.md index 8e3e677311752..443136ef0d258 100644 --- a/locale/en/blog/vulnerability/openssl-march-2016.md +++ b/locale/en/blog/vulnerability/openssl-march-2016.md @@ -9,7 +9,7 @@ author: Rod Vagg ***(Updates to this post, including a schedule change are included below)*** -The OpenSSL project has [announced](https://mta.openssl.org/pipermail/openssl-announce/2016-February/000063.html) that that they will be releasing versions 1.0.2g and 1.0.1s this week, on **Tuesday the 1st of March, UTC**. The releases will fix _"several defects"_ that are labelled as _"high"_ severity under their security policy, meaning they are: +The OpenSSL project has [announced](https://mta.openssl.org/pipermail/openssl-announce/2016-February/000063.html) that they will be releasing versions 1.0.2g and 1.0.1s this week, on **Tuesday the 1st of March, UTC**. The releases will fix _"several defects"_ that are labelled as _"high"_ severity under their security policy, meaning they are: > ... issues that are of a lower risk than critical, perhaps due to affecting less common configurations, or which are less likely to be exploitable. diff --git a/locale/en/blog/vulnerability/openssl-may-2016.md b/locale/en/blog/vulnerability/openssl-may-2016.md index 048ef00f08694..58b319254ad0e 100644 --- a/locale/en/blog/vulnerability/openssl-may-2016.md +++ b/locale/en/blog/vulnerability/openssl-may-2016.md @@ -19,7 +19,7 @@ The following releases have been made available to include the security updates ***Original post is included below, along with an update containing a risk assessment*** -The OpenSSL project has [announced](https://mta.openssl.org/pipermail/openssl-announce/2016-April/000069.html) that that they will be releasing versions 1.0.1t and 1.0.2h this week, on **Tuesday the 3rd of May, UTC**. The releases will fix _"several security defects"_ that are labelled as _"high"_ severity under their security policy, meaning they are: +The OpenSSL project has [announced](https://mta.openssl.org/pipermail/openssl-announce/2016-April/000069.html) that they will be releasing versions 1.0.1t and 1.0.2h this week, on **Tuesday the 3rd of May, UTC**. The releases will fix _"several security defects"_ that are labelled as _"high"_ severity under their security policy, meaning they are: > ... issues that are of a lower risk than critical, perhaps due to affecting less common configurations, or which are less likely to be exploitable. diff --git a/locale/en/blog/vulnerability/openssl-november-2017.md b/locale/en/blog/vulnerability/openssl-november-2017.md index 2abdcbc811c14..8d7eebe243395 100644 --- a/locale/en/blog/vulnerability/openssl-november-2017.md +++ b/locale/en/blog/vulnerability/openssl-november-2017.md @@ -63,7 +63,7 @@ We will include an update here once all releases are made available. -------------------------------------- -The OpenSSL project has [announced](https://mta.openssl.org/pipermail/openssl-announce/2017-October/000103.html) _(also see their [correction](https://mta.openssl.org/pipermail/openssl-announce/2017-October/000104.html))_ that that they will be releasing versions 1.1.0g and 1.0.2m this week, on **Thursday the 2nd of November 2017, UTC**. The releases will fix one _"low severity security issue"_ and one _"moderate level security issue"_. "Moderate" level security issues for OpenSSL: +The OpenSSL project has [announced](https://mta.openssl.org/pipermail/openssl-announce/2017-October/000103.html) _(also see their [correction](https://mta.openssl.org/pipermail/openssl-announce/2017-October/000104.html))_ that they will be releasing versions 1.1.0g and 1.0.2m this week, on **Thursday the 2nd of November 2017, UTC**. The releases will fix one _"low severity security issue"_ and one _"moderate level security issue"_. "Moderate" level security issues for OpenSSL: > ... includes issues like crashes in client applications, flaws in protocols that are less commonly used (such as DTLS), and local flaws. diff --git a/locale/en/blog/vulnerability/september-2016-security-releases.md b/locale/en/blog/vulnerability/september-2016-security-releases.md index 6f2039501e3d3..108730e33722f 100644 --- a/locale/en/blog/vulnerability/september-2016-security-releases.md +++ b/locale/en/blog/vulnerability/september-2016-security-releases.md @@ -37,7 +37,7 @@ All versions of Node.js are **affected**. ### CVE-2016-5325: `reason` argument in `ServerResponse#writeHead()` not properly validated -This is a low severity security defect that that may make [HTTP response splitting](https://en.wikipedia.org/wiki/HTTP_response_splitting) possible under certain circumstances. If user-input is passed to the `reason` argument to `writeHead()` on an HTTP response, a new-line character may be used to inject additional responses. +This is a low severity security defect that may make [HTTP response splitting](https://en.wikipedia.org/wiki/HTTP_response_splitting) possible under certain circumstances. If user-input is passed to the `reason` argument to `writeHead()` on an HTTP response, a new-line character may be used to inject additional responses. The fix for this defect introduces a new case where `throw` may occur when configuring HTTP responses. Users should already be adopting try/catch here.