from ${URL}: Node.js is vulnerable to DoS when a client sends too many pipelined HTTP requests. Links: https://groups.google.com/forum/#!topic/nodejs/NEbweYB0ei0 http://blog.nodejs.org/2013/10/18/node-v0-10-21-stable/ http://blog.nodejs.org/2013/10/18/node-v0-8-26-maintenance/ https://github.com/joyent/node/issues/6214 https://github.com/joyent/node/commit/085dd30e93da67362f044ad1b3b6b2d997064692 This issue affects all versions of Node released before 0.10.21 and 0.8.26.
+ 21 Oct 2013; Patrick Lauer <patrick@gentoo.org> +nodejs-0.10.21.ebuild, + +nodejs-0.8.26.ebuild, -nodejs-0.10.17.ebuild, -nodejs-0.10.18.ebuild, + -nodejs-0.10.19.ebuild, -nodejs-0.10.20.ebuild, -nodejs-0.8.21.ebuild, + -nodejs-0.8.23.ebuild: + Bump for #488624 All affected versions punted.
Arches, please test and mark stable: =net-libs/nodejs-0.10.21 target KEYWORDS="amd64 x86"
amd64 and x86 stable, please vote.
CVE-2013-4450 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4450): The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response.
GLSA vote: no.
GLSA vote: no Closing noglsa