[Pkg-javascript-devel] Bug#800580: nodejs: CVE-2015-7384: HTTP Denial of Service Vulnerability

2015-10-02 Thread Jérémy Lal 
2015-10-01 9:41 GMT+02:00 Salvatore Bonaccorso :

> Source: nodejs
> Version: 4.1.1~dfsg-2
> Severity: important
> Tags: security upstream
>
> Hi,
>
> the following CVE was published for nodejs on [0], but details and
> patches will by available on Monday the 5th of October 2015. But
> accordidng to upstrema 4.1.1 is affected, so filling this bug already.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.


Hi,

upstream is willing to coordinate the release of the fix, so i'll be able
to upload
a fixed version at about the same time as it is disclosed.

Jérémy.
___
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

[Pkg-javascript-devel] Bug#800580: nodejs: CVE-2015-7384: HTTP Denial of Service Vulnerability

2015-10-01 Thread Salvatore Bonaccorso 
Source: nodejs
Version: 4.1.1~dfsg-2
Severity: important
Tags: security upstream

Hi,

the following CVE was published for nodejs on [0], but details and
patches will by available on Monday the 5th of October 2015. But
accordidng to upstrema 4.1.1 is affected, so filling this bug already. 

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://groups.google.com/forum/#!topic/nodejs-sec/fSNEQiuof6I

Regards,
Salvatore

___
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel