@rvagg rvagg commented Oct 18, 2016

2016-10-18, Version 0.10.48 (Maintenance), @rvagg

This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/ for details on patched vulnerabilities.

Notable changes:

Commits:

rvagg added 2 commits October 18, 2016 12:22
PR-URL: nodejs#9107
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Backport of nodejs#8849 for c-ares 1.9.0.

Incorrect string length calculation when passing escaped dot.

- CVE: CVE-2016-5180
- Upstream bug: https://c-ares.haxx.se/adv_20160929.html

PR-URL: nodejs#9108
Reviewed-By: Ben Noordhuis <[email protected]>
@nodejs-github-bot nodejs-github-bot added cares Issues and PRs related to the c-ares dependency or the cares_wrap binding. tls Issues and PRs related to the tls subsystem. v0.10 labels Oct 18, 2016
rvagg commented Oct 18, 2016

@rvagg rvagg force-pushed the v0.10.48-proposal branch from 497bd20 to 0fc3f6e Compare October 18, 2016 09:32
rvagg added 2 commits October 19, 2016 00:32
PR-URL: nodejs#9155
Reviewed-By: Johan Bergström <[email protected]>
Reviewed-By: João Reis <[email protected]>
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/
for details on patched vulnerabilities.

Notable changes:

* c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more
  information at https://c-ares.haxx.se/adv_20160929.html
  (Rod Vagg)

PR-URL: nodejs#9154
@rvagg rvagg force-pushed the v0.10.48-proposal branch from 0fc3f6e to 262dd62 Compare October 18, 2016 13:33
@rvagg rvagg merged commit 262dd62 into nodejs:v0.10 Oct 18, 2016
rvagg added a commit that referenced this pull request Oct 18, 2016
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/
for details on patched vulnerabilities.

Notable changes:

* c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more
  information at https://c-ares.haxx.se/adv_20160929.html
  (Rod Vagg)

PR-URL: #9154