Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release proposal: v0.10.48 #9154

Merged
merged 4 commits into from
Oct 18, 2016
Merged

Release proposal: v0.10.48 #9154

merged 4 commits into from
Oct 18, 2016

Conversation

rvagg
Copy link
Member

@rvagg rvagg commented Oct 18, 2016

2016-10-18, Version 0.10.48 (Maintenance), @rvagg

This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/ for details on patched vulnerabilities.

Notable changes:

Commits:

rvagg added 2 commits October 18, 2016 12:22
PR-URL: nodejs#9107
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Backport of nodejs#8849 for c-ares
1.9.0.

Incorrect string length calculation when passing escaped dot.

- CVE: CVE-2016-5180
- Upstream bug: https://c-ares.haxx.se/adv_20160929.html

PR-URL: nodejs#9108
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
@nodejs-github-bot nodejs-github-bot added cares Issues and PRs related to the c-ares dependency or the cares_wrap binding. tls Issues and PRs related to the tls subsystem. v0.10 labels Oct 18, 2016
@rvagg
Copy link
Member Author

rvagg commented Oct 18, 2016

@rvagg rvagg force-pushed the v0.10.48-proposal branch from 497bd20 to 0fc3f6e Compare October 18, 2016 09:32
rvagg added 2 commits October 19, 2016 00:32
PR-URL: nodejs#9155
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: João Reis <reis@janeasystems.com>
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/
for details on patched vulnerabilities.

Notable changes:

* c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more
  information at https://c-ares.haxx.se/adv_20160929.html
  (Rod Vagg)

PR-URL: nodejs#9154
@rvagg rvagg force-pushed the v0.10.48-proposal branch from 0fc3f6e to 262dd62 Compare October 18, 2016 13:33
@rvagg rvagg merged commit 262dd62 into nodejs:v0.10 Oct 18, 2016
rvagg added a commit that referenced this pull request Oct 18, 2016
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/
for details on patched vulnerabilities.

Notable changes:

* c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more
  information at https://c-ares.haxx.se/adv_20160929.html
  (Rod Vagg)

PR-URL: #9154
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cares Issues and PRs related to the c-ares dependency or the cares_wrap binding. tls Issues and PRs related to the tls subsystem.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants