commit patchinfo.5681 for openSUSE:13.2:Update

Tue, 11 Oct 2016 06:52:09 -0700 

Hello community,

here is the log from the commit of package patchinfo.5681 for 
openSUSE:13.2:Update checked in at 2016-10-11 15:51:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.2:Update/patchinfo.5681 (Old)
 and      /work/SRC/openSUSE:13.2:Update/.patchinfo.5681.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "patchinfo.5681"

Changes:
--------
New Changes file:

NO CHANGES FILE!!!

New:
----
  _patchinfo

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ _patchinfo ++++++
<patchinfo incident="5681">
  <issue id="985201" tracker="bnc">VUL-0: CVE-2016-5325: nodejs, nodejs4: HTTP 
processing security defect</issue>
  <issue id="1001652" tracker="bnc">VUL-0: CVE-2016-7099: nodejs, nodejs4: 
wildcard certificates not properly validated</issue>
  <issue id="2016-6304" tracker="cve" />
  <issue id="2016-6306" tracker="cve" />
  <issue id="2016-2178" tracker="cve" />
  <issue id="2016-1669" tracker="cve" />
  <issue id="2016-2183" tracker="cve" />
  <issue id="2016-5325" tracker="cve" />
  <issue id="2016-7099" tracker="cve" />
  <issue id="2016-7052" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>adamm</packager>
  <description>This update brings the new upstream nodejs LTS version 4.6.0, 
fixing bugs and security issues:

* Nodejs embedded openssl version update
    + upgrade to 1.0.2j (CVE-2016-6304, CVE-2016-2183, CVE-2016-2178,
      CVE-2016-6306, CVE-2016-7052)
    + remove support for dynamic 3rd party engine modules
* http: Properly validate for allowable characters in input
  user data. This introduces a new case where throw may occur
  when configuring HTTP responses, users should already
  be adopting try/catch here. (CVE-2016-5325, bsc#985201)
* tls: properly validate wildcard certificates
  (CVE-2016-7099, bsc#1001652)
* buffer: Zero-fill excess bytes in new Buffer objects created
  with Buffer.concat()
</description>
  <summary>Security update for nodejs</summary>
</patchinfo>

Reply via email to