Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

typo: Double word "that" #2366

Merged
merged 1 commit into from
Aug 5, 2019
Merged

typo: Double word "that" #2366

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion locale/en/blog/vulnerability/openssl-march-2016.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ author: Rod Vagg

***(Updates to this post, including a schedule change are included below)***

The OpenSSL project has [announced](https://mta.openssl.org/pipermail/openssl-announce/2016-February/000063.html) that that they will be releasing versions 1.0.2g and 1.0.1s this week, on **Tuesday the 1st of March, UTC**. The releases will fix _"several defects"_ that are labelled as _"high"_ severity under their security policy, meaning they are:
The OpenSSL project has [announced](https://mta.openssl.org/pipermail/openssl-announce/2016-February/000063.html) that they will be releasing versions 1.0.2g and 1.0.1s this week, on **Tuesday the 1st of March, UTC**. The releases will fix _"several defects"_ that are labelled as _"high"_ severity under their security policy, meaning they are:

> ... issues that are of a lower risk than critical, perhaps due to affecting less common configurations, or which are less likely to be exploitable.

Expand Down
2 changes: 1 addition & 1 deletion locale/en/blog/vulnerability/openssl-may-2016.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ The following releases have been made available to include the security updates

***Original post is included below, along with an update containing a risk assessment***

The OpenSSL project has [announced](https://mta.openssl.org/pipermail/openssl-announce/2016-April/000069.html) that that they will be releasing versions 1.0.1t and 1.0.2h this week, on **Tuesday the 3rd of May, UTC**. The releases will fix _"several security defects"_ that are labelled as _"high"_ severity under their security policy, meaning they are:
The OpenSSL project has [announced](https://mta.openssl.org/pipermail/openssl-announce/2016-April/000069.html) that they will be releasing versions 1.0.1t and 1.0.2h this week, on **Tuesday the 3rd of May, UTC**. The releases will fix _"several security defects"_ that are labelled as _"high"_ severity under their security policy, meaning they are:

> ... issues that are of a lower risk than critical, perhaps due to affecting less common configurations, or which are less likely to be exploitable.

Expand Down
2 changes: 1 addition & 1 deletion locale/en/blog/vulnerability/openssl-november-2017.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ We will include an update here once all releases are made available.

--------------------------------------

The OpenSSL project has [announced](https://mta.openssl.org/pipermail/openssl-announce/2017-October/000103.html) _(also see their [correction](https://mta.openssl.org/pipermail/openssl-announce/2017-October/000104.html))_ that that they will be releasing versions 1.1.0g and 1.0.2m this week, on **Thursday the 2nd of November 2017, UTC**. The releases will fix one _"low severity security issue"_ and one _"moderate level security issue"_. "Moderate" level security issues for OpenSSL:
The OpenSSL project has [announced](https://mta.openssl.org/pipermail/openssl-announce/2017-October/000103.html) _(also see their [correction](https://mta.openssl.org/pipermail/openssl-announce/2017-October/000104.html))_ that they will be releasing versions 1.1.0g and 1.0.2m this week, on **Thursday the 2nd of November 2017, UTC**. The releases will fix one _"low severity security issue"_ and one _"moderate level security issue"_. "Moderate" level security issues for OpenSSL:

> ... includes issues like crashes in client applications, flaws in protocols that are less commonly used (such as DTLS), and local flaws.

Expand Down
2 changes: 1 addition & 1 deletion locale/en/blog/vulnerability/september-2016-security-releases.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ All versions of Node.js are **affected**.

### CVE-2016-5325: `reason` argument in `ServerResponse#writeHead()` not properly validated

This is a low severity security defect that that may make [HTTP response splitting](https://en.wikipedia.org/wiki/HTTP_response_splitting) possible under certain circumstances. If user-input is passed to the `reason` argument to `writeHead()` on an HTTP response, a new-line character may be used to inject additional responses.
This is a low severity security defect that may make [HTTP response splitting](https://en.wikipedia.org/wiki/HTTP_response_splitting) possible under certain circumstances. If user-input is passed to the `reason` argument to `writeHead()` on an HTTP response, a new-line character may be used to inject additional responses.

The fix for this defect introduces a new case where `throw` may occur when configuring HTTP responses. Users should already be adopting try/catch here.

Expand Down