diff options
| author | fhajny <fhajny> | 2016-09-28 11:10:44 +0000 |
|---|---|---|
| committer | fhajny <fhajny> | 2016-09-28 11:10:44 +0000 |
| commit | a629ba15c21d3e902955386fa48cd4a3604eab30 (patch) | |
| tree | fa46e76b4d0e2eecacb92d98aa0025097942f6f9 /lang/lua52/version.mk | |
| parent | 3daa8b511aee08e7c9f265e6fbf2dd3e1acccd6a (diff) | |
| download | pkgsrc-a629ba15c21d3e902955386fa48cd4a3604eab30.tar.gz | |
Update lang/nodejs to 6.7.0
- openssl: Remove support for loading dynamic third-party engine
modules. An attacker may be able to hide malicious code to be
inserted into Node.js at runtime by masquerading as one of the
dynamic engine modules.
- http: CVE-2016-5325 - Properly validate for allowable characters
in the reason argument in ServerResponse#writeHead().
- buffer: Zero-fill excess bytes in new Buffer objects created
with Buffer.concat() while providing a totalLength parameter
that exceeds the total length of the original Buffer objects
being concatenated.
- src: Fix regression where passing an empty password and/or salt
to crypto.pbkdf2() would cause a fatal error
- tls: CVE-2016-7099 - Fix invalid wildcard certificate validation
check whereby a TLS server may be able to serve an invalid
wildcard certificate for its hostname due to improper validation
of *. in the wildcard string.
- v8: Fix regression where a regex on a frozen object was broken
Diffstat (limited to 'lang/lua52/version.mk')
0 files changed, 0 insertions, 0 deletions