On 12/03/2015 08:14 AM, Stephen Gallagher wrote:
> On 12/03/2015 08:12 AM, Stephen Gallagher wrote:
>> On 12/03/2015 08:06 AM, Zuzana Svetlikova wrote:
>>> There is a CVE, I am not sure if we have the fixed sources
>>> already.
>>>
>>> https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/
>>>
>>
>> OK, looking into it, it seems that they haven't released the
>> updated packages or actually lifted the embargo yet. I'll keep
>> an eye on it.
>>
>> Thanks for the heads-up.
>
> OK, I just found
> https://groups.google.com/forum/#!topic/nodejs-sec/Zf7Nxtg230E
> which suggests that the updated timetable is sometime today (in the
> US).

I'm building 4.2.3 now. I also noticed that I screwed something up in
the earlier builds: I was accidentally looking at 5.1's copy of v8, so
the v8_abi version was wrong. We're actually using a v8 of 4.5
(specifically 4.5.103.35). The 4.2.3 build will correct this, but if
any packages need to be rebuilt to handle this properly, be aware of it.

_______________________________________________
nodejs mailing list
[email protected]
http://lists.fedoraproject.org/admin/lists/[email protected]
