-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/03/2015 08:12 AM, Stephen Gallagher wrote: > On 12/03/2015 08:06 AM, Zuzana Svetlikova wrote: >> There is a CVE, I am not sure if we have the fixed sources >> already. > >> https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/ > >> > > OK, looking into it, it seems that they haven't released the > updated packages or actually lifted the embargo yet. I'll keep an > eye on it. > > Thanks for the heads-up. >
OK, I just found https://groups.google.com/forum/#!topic/nodejs-sec/Zf7Nxtg230E which suggests that the updated timetable is sometime today (in the US). -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlZgQCEACgkQeiVVYja6o6PIpACePJse31BtzgeTi10vFNk4yC27 5IIAn0AGU4tVgpgBuW+SrWjzVQDzJ2yw =V1O2 -----END PGP SIGNATURE----- _______________________________________________ nodejs mailing list nodejs@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/nodejs@lists.fedoraproject.org
