Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

doc: clarify v0.12.9 notable items #4154

Closed

Conversation

rvagg
Copy link
Member

@rvagg rvagg commented Dec 4, 2015

  • Include reference to CVE-2015-8027
  • Fix "socket may no longer have a socket" reference
  • Expand on non-existent parser causing the error
  • Clarify that CVE-2015-3194 affects TLS servers using client
    certificate authentication

* Include reference to CVE-2015-8027
* Fix "socket may no longer have a socket" reference
* Expand on non-existent parser causing the error
* Clarify that CVE-2015-3194 affects TLS servers using _client
  certificate authentication_
@JungMinu JungMinu added the doc Issues and PRs related to the documentations. label Dec 4, 2015

* http: Fix a bug where an HTTP socket may no longer have a socket but a pipelined request triggers a pause or resume, a potential denial-of-service vector. (Fedor Indutny)
* openssl: Upgrade to 1.0.1q, containing fixes CVE-2015-3194 "Certificate verify crash with missing PSS parameter", a potential denial-of-service vector for Node.js TLS servers; TLS clients are also impacted. Details are available at <http://openssl.org/news/secadv/20151203.txt>. (Ben Noordhuis) https://github.com/nodejs/node/pull/4133
* http: Fix CVE-2015-8027, a bug whereby an HTTP socket may no longer have a parser associated with it but a pipelined request attempts trigger a pause or resume on the non-existent parser, a potential denial-of-service vulnerability. (Fedor Indutny)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe s/attempts trigger/attempts to trigger/ ?

@cjihrig
Copy link
Contributor

cjihrig commented Dec 4, 2015

LGTM pending @evanlucas comment.

@jasnell
Copy link
Member

jasnell commented Dec 4, 2015

LGTM

rvagg added a commit that referenced this pull request Dec 5, 2015
* Include reference to CVE-2015-8027
* Fix "socket may no longer have a socket" reference
* Expand on non-existent parser causing the error
* Clarify that CVE-2015-3194 affects TLS servers using _client
  certificate authentication_

PR-URL: #4154
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
@rvagg rvagg closed this Dec 5, 2015
@rvagg rvagg deleted the v0.12.9-release-notes-update branch December 5, 2015 04:26
@rvagg
Copy link
Member Author

rvagg commented Dec 5, 2015

thanks all, fixed and landed @ 06ae95f

rvagg added a commit that referenced this pull request Feb 8, 2016
* Include reference to CVE-2015-8027
* Fix "socket may no longer have a socket" reference
* Expand on non-existent parser causing the error
* Clarify that CVE-2015-3194 affects TLS servers using _client
  certificate authentication_

PR-URL: #4154
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
jasnell pushed a commit that referenced this pull request Feb 9, 2016
* Include reference to CVE-2015-8027
* Fix "socket may no longer have a socket" reference
* Expand on non-existent parser causing the error
* Clarify that CVE-2015-3194 affects TLS servers using _client
  certificate authentication_

PR-URL: #4154
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
jBarz pushed a commit to ibmruntimes/node that referenced this pull request Nov 4, 2016
* Include reference to CVE-2015-8027
* Fix "socket may no longer have a socket" reference
* Expand on non-existent parser causing the error
* Clarify that CVE-2015-3194 affects TLS servers using _client
  certificate authentication_

PR-URL: nodejs/node#4154
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
doc Issues and PRs related to the documentations.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants