Upstream has announced that they will fix security issues later this week: https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/ The issues will be fixed in 4.5.0. There was also a 4.4.5 bugfix release in the interim: https://nodejs.org/en/blog/release/v4.4.5/ The security issues also affect Mageia 5, and can be handled in Bug 18481.
Reassigning to neoclust since he has volunteered to maintain the nodejs stack. I'd be willing to take this issue if he doesn't have the cycles to do it.
Assignee: joequant => neoclust
CVE-2016-5325 will be fixed at a later time according to upstream's announcement on June 23. CVE-2016-1669 has been fixed in 4.4.6 and 0.10.46.
Assignee: neoclust => mageiaSummary: nodejs new security issue CVE-2016-5325 => nodejs new security issue CVE-2016-1669
Blocks: (none) => 19282
nodejs-4.5.0-1.mga6 uploaded for Cauldron.
Status: NEW => RESOLVEDResolution: (none) => FIXED