diff options
| author | Peter Korsgaard <peter@korsgaard.com> | 2018-12-09 23:18:30 +0100 |
|---|---|---|
| committer | Thomas Petazzoni <thomas.petazzoni@bootlin.com> | 2018-12-10 11:47:50 +0100 |
| commit | 0de2c9c76cd0a522fc1eb4b8d63bb5070efaecd3 (patch) | |
| tree | aa8ee2c8fb719ef11caa7f46584fe70f0d872bc4 /package/nodejs/nodejs.mk | |
| parent | e273c36ad086189c081a41f2de7966348e085e37 (diff) | |
| download | buildroot-0de2c9c76cd0a522fc1eb4b8d63bb5070efaecd3.tar.gz buildroot-0de2c9c76cd0a522fc1eb4b8d63bb5070efaecd3.zip | |
package/nodejs: security bump to version 8.14.0
Fixes the following security vulnerabilities:
- Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
- Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js)
- Node.js: Hostname spoofing in URL parser for javascript protocol
(CVE-2018-12123)
- Node.js: HTTP request splitting (CVE-2018-12116)
- OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734)
- OpenSSL: Microarchitecture timing vulnerability in ECC scalar
multiplication (CVE-2018-5407)
For more details, see the announcement:
https://nodejs.org/en/blog/release/v8.14.0/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Diffstat (limited to 'package/nodejs/nodejs.mk')
| -rw-r--r-- | package/nodejs/nodejs.mk | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/package/nodejs/nodejs.mk b/package/nodejs/nodejs.mk index 429642b795..8c8afbc332 100644 --- a/package/nodejs/nodejs.mk +++ b/package/nodejs/nodejs.mk @@ -4,7 +4,7 @@ # ################################################################################ -NODEJS_VERSION = 8.12.0 +NODEJS_VERSION = 8.14.0 NODEJS_SOURCE = node-v$(NODEJS_VERSION).tar.xz NODEJS_SITE = http://nodejs.org/dist/v$(NODEJS_VERSION) NODEJS_DEPENDENCIES = host-python host-nodejs c-ares \ |
