nodejs 4.2.6~dfsg-1ubuntu4.2 source package in Ubuntu

Changelog

nodejs (4.2.6~dfsg-1ubuntu4.2) xenial-security; urgency=medium

  * SECURITY UPDATE: CRLF injection vulnerability
    - debian/patches/CVE-2016-5325-1.patch: Previously, the reason argument
      passed to ServerResponse#writeHead was not being properly validated. One
      could pass CRLFs which could lead to http response splitting. This
      commit changes the behavior to throw an error in the event any invalid
      characters are included in the reason.
      lib/_http_common.js
      lib/_http_server.js
      test/parallel/test-http-status-reason-invalid-chars.js
    - debian/patches/CVE-2016-5325-2.patch: The certificates in test fixtures
      were set to expire in 999 days since they were generated. That time has
      passed, and they have to be reissued. Bump expiration time to 99999 days
      for all of them to prevent this from happening again in near future.
    - CVE-2016-5325

 -- Mike Salvatore <email address hidden>  Wed, 08 Aug 2018 10:16:51 -0400

Upload details

Uploaded by:
Mike Salvatore
Uploaded to:
Xenial
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
web
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Xenial updates universe web
Xenial security universe web

Downloads

File Size SHA-256 Checksum
nodejs_4.2.6~dfsg.orig.tar.gz 9.0 MiB e3527fb8ef9b84f7f44c97bca8862934f5ac2fec4a35ca29fec64ffbefea1ced
nodejs_4.2.6~dfsg-1ubuntu4.2.debian.tar.xz 380.1 KiB 5295c0e01410f8cbfa4c19863d4c4ad9e7998f77ed1b044414e81408409d72d9
nodejs_4.2.6~dfsg-1ubuntu4.2.dsc 2.4 KiB 5c1050445778f139a86313cc8d60c5221c2e5aaaf7333eb422a145eae4574636

View changes file

Binary packages built by this source

nodejs: evented I/O for V8 javascript

 Node.js is a platform built on Chrome's JavaScript runtime for easily
 building fast, scalable network applications. Node.js uses an
 event-driven, non-blocking I/O model that makes it lightweight and
 efficient, perfect for data-intensive real-time applications that run
 across distributed devices.
 .
 Node.js is bundled with several useful libraries to handle server
 tasks:
 .
 System, Events, Standard I/O, Modules, Timers, Child Processes, POSIX,
 HTTP, Multipart Parsing, TCP, DNS, Assert, Path, URL, Query Strings.

nodejs-dbg: evented I/O for V8 javascript (debug)

 Node.js is a platform built on Chrome's JavaScript runtime for easily
 building fast, scalable network applications. Node.js uses an
 event-driven, non-blocking I/O model that makes it lightweight and
 efficient, perfect for data-intensive real-time applications that run
 across distributed devices.
 .
 This package contains the debugging symbols.

nodejs-dbgsym: debug symbols for package nodejs

 Node.js is a platform built on Chrome's JavaScript runtime for easily
 building fast, scalable network applications. Node.js uses an
 event-driven, non-blocking I/O model that makes it lightweight and
 efficient, perfect for data-intensive real-time applications that run
 across distributed devices.
 .
 Node.js is bundled with several useful libraries to handle server
 tasks:
 .
 System, Events, Standard I/O, Modules, Timers, Child Processes, POSIX,
 HTTP, Multipart Parsing, TCP, DNS, Assert, Path, URL, Query Strings.

nodejs-dev: evented I/O for V8 javascript (development files)

 Node.js is a platform built on Chrome's JavaScript runtime for easily
 building fast, scalable network applications. Node.js uses an
 event-driven, non-blocking I/O model that makes it lightweight and
 efficient, perfect for data-intensive real-time applications that run
 across distributed devices.
 .
 This package is needed to build plugins.

nodejs-dev-dbgsym: debug symbols for package nodejs-dev

 Node.js is a platform built on Chrome's JavaScript runtime for easily
 building fast, scalable network applications. Node.js uses an
 event-driven, non-blocking I/O model that makes it lightweight and
 efficient, perfect for data-intensive real-time applications that run
 across distributed devices.
 .
 This package is needed to build plugins.

nodejs-legacy: evented I/O for V8 javascript (legacy symlink)

 Node.js is a platform built on Chrome's JavaScript runtime for easily
 building fast, scalable network applications. Node.js uses an
 event-driven, non-blocking I/O model that makes it lightweight and
 efficient, perfect for data-intensive real-time applications that run
 across distributed devices.
 .
 This package contains a symlink for legacy Node.js code requiring
 binary to be /usr/bin/node (not /usr/bin/nodejs as provided in Debian).
 .
 No other Debian packages should depend on this package. For more
 information, see
 <http://lists.debian.org/debian-devel-announce/2012/07/msg00002.html>