Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release proposal: v4.6.1 #9153

Closed
wants to merge 3 commits into from
Closed

Release proposal: v4.6.1 #9153

wants to merge 3 commits into from

Conversation

rvagg
Copy link
Member

@rvagg rvagg commented Oct 18, 2016

2016-10-18, Version 4.6.1 'Argon' (LTS), @rvagg

This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/ for details on patched vulnerabilities.

Notable Changes

Commits

  • [f3c63e7ccf] - deps: avoid single-byte buffer overwrite (Daniel Stenberg) #8849

Incorrect string length calculation when passing escaped dot.

- CVE: CVE-2016-5180
- Upstream bug: https://c-ares.haxx.se/adv_20160929.html

Ref: nodejs#9037
PR-URL: nodejs#8849
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
@nodejs-github-bot nodejs-github-bot added cares Issues and PRs related to the c-ares dependency or the cares_wrap binding. meta Issues and PRs related to the general management of the project. v4.x labels Oct 18, 2016
@rvagg
Copy link
Member Author

rvagg commented Oct 18, 2016

@Fishrock123
Copy link
Contributor

lgtm

@MylesBorins
Copy link
Contributor

LGTM

PR-URL: nodejs#9155
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: João Reis <reis@janeasystems.com>
This is a security release. All Node.js users should consult the security
release summary at
https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/
for details on patched vulnerabilities.

Notable changes:

* c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more
  information at https://c-ares.haxx.se/adv_20160929.html (Daniel Stenberg)

PR-URL: nodejs#9153
rvagg added a commit that referenced this pull request Oct 18, 2016
This is a security release. All Node.js users should consult the security
release summary at
https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/
for details on patched vulnerabilities.

Notable changes:

* c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more
  information at https://c-ares.haxx.se/adv_20160929.html (Daniel Stenberg)

PR-URL: #9153
rvagg added a commit that referenced this pull request Oct 18, 2016
This is a security release. All Node.js users should consult the security
release summary at
https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/
for details on patched vulnerabilities.

Notable changes:

* c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more
  information at https://c-ares.haxx.se/adv_20160929.html (Daniel Stenberg)

PR-URL: #9153
@rvagg rvagg closed this Oct 19, 2016
@rvagg rvagg deleted the v4.6.1-proposal branch October 19, 2016 03:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cares Issues and PRs related to the c-ares dependency or the cares_wrap binding. meta Issues and PRs related to the general management of the project.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants