Summary: | <net-libs/nodejs-{4.8.5,6.11.1}: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | jer, jstein, patrick |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/ | ||
See Also: | https://github.com/gentoo/gentoo/pull/6088 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
=net-libs/nodejs-4.8.5 amd64 x86
=net-libs/nodejs-6.11.5 amd64 arm ppc ppc64 x86
|
Runtime testing required: | --- |
Description
Thomas Deutschmann (RETIRED)
2017-07-18 19:02:49 UTC
@ Maintainer(s): Please bump - 4.x to >=4.8.4 - 6.x to >=6.11.1 - 7.x to >=7.10.1 v8.x (8.1.4) is already patched And please tell us how you want to proceed with v0.12.x which is affected. Can we drop this version? CVE assigned: CVE-2017-11499 References: https://nvd.nist.gov/vuln/detail/CVE-2017-11499 ChrisADR Gentoo Security Padawan @ Arches, please test and mark stable: =net-libs/nodejs-4.8.5 amd64 x86 =net-libs/nodejs-6.11.5 amd64 arm ppc ppc64 x86 net-libs/nodejs-0.x cleanup CI test: https://github.com/gentoo/gentoo/pull/6088 x86 stable Stable on amd64 ppc64 stable ppc stable arm stable GLSA Vote: No! Repository is clean, all done! |