Bug 18705

Summary: nodejs new security issue CVE-2016-1669
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Nicolas Lécureuil <mageia>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: nodejs-4.4.4-3.mga5.src.rpm CVE:
Status comment:
Bug Depends on:    
Bug Blocks: 19282    

Description David Walser 2016-06-14 14:34:29 CEST 
Upstream has announced that they will fix security issues later this week:
https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/

The issues will be fixed in 4.5.0.

There was also a 4.4.5 bugfix release in the interim:
https://nodejs.org/en/blog/release/v4.4.5/

The security issues also affect Mageia 5, and can be handled in Bug 18481.
Comment 1 Joseph Wang 2016-06-15 04:44:28 CEST 
Reassigning to neoclust since he has volunteered to maintain the nodejs stack.  I'd be willing to take this issue if he doesn't have the cycles to do it.

Assignee: joequant => neoclust

Comment 2 David Walser 2016-06-28 18:20:19 CEST 
CVE-2016-5325 will be fixed at a later time according to upstream's announcement on June 23.  CVE-2016-1669 has been fixed in 4.4.6 and 0.10.46.

Assignee: neoclust => mageia
Summary: nodejs new security issue CVE-2016-5325 => nodejs new security issue CVE-2016-1669

David Walser 2016-09-08 19:26:01 CEST

Blocks: (none) => 19282

Comment 3 David Walser 2016-09-08 22:27:04 CEST 
nodejs-4.5.0-1.mga6 uploaded for Cauldron.

Status: NEW => RESOLVED
Resolution: (none) => FIXED