Release proposal: v0.12.17 #9147

rvagg · 2016-10-18T05:08:51Z

2016-10-18, Version 0.12.17 (Maintenance), @rvagg

This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/ for details on patched vulnerabilities.

Notable changes:

c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more information at https://c-ares.haxx.se/adv_20160929.html (Daniel Stenberg)

Commits:

[c5b095e] - deps: avoid single-byte buffer overwrite (Daniel Stenberg) [CVE-2016-5180] ares_create_query: avoid single-byte buffer overwrite #8849

Incorrect string length calculation when passing escaped dot. - CVE: CVE-2016-5180 - Upstream bug: https://c-ares.haxx.se/adv_20160929.html Ref: nodejs#9037 PR-URL: nodejs#8849 Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Johan Bergström <bugs@bergstroem.nu> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>

rvagg · 2016-10-18T05:11:25Z

CI @ https://ci.nodejs.org/job/node-test-pull-request/4551/

rvagg · 2016-10-18T05:12:31Z

citgm @ https://ci.nodejs.org/view/Node.js-citgm/job/citgm-smoker/417/

PR-URL: nodejs#9155 Reviewed-By: Johan Bergström <bugs@bergstroem.nu> Reviewed-By: João Reis <reis@janeasystems.com>

This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/ for details on patched vulnerabilities. Notable changes: * c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more information at https://c-ares.haxx.se/adv_20160929.html (Daniel Stenberg) PR-URL: nodejs#9147

This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/ for details on patched vulnerabilities. Notable changes: * c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more information at https://c-ares.haxx.se/adv_20160929.html (Daniel Stenberg) PR-URL: #9147

nodejs-github-bot added cares Issues and PRs related to the c-ares dependency or the cares_wrap binding. v0.12 labels Oct 18, 2016

rvagg force-pushed the v0.12.17-proposal branch from f712937 to 9a40b09 Compare October 18, 2016 09:22

rvagg added 2 commits October 19, 2016 00:41

win,build: try multiple timeservers when signing

5f1097d

PR-URL: nodejs#9155 Reviewed-By: Johan Bergström <bugs@bergstroem.nu> Reviewed-By: João Reis <reis@janeasystems.com>

rvagg force-pushed the v0.12.17-proposal branch from 9a40b09 to 1da5ccf Compare October 18, 2016 13:41

rvagg merged commit 1da5ccf into nodejs:v0.12 Oct 18, 2016

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Release proposal: v0.12.17 #9147

Release proposal: v0.12.17 #9147

rvagg commented Oct 18, 2016

rvagg commented Oct 18, 2016

rvagg commented Oct 18, 2016

Release proposal: v0.12.17 #9147

Release proposal: v0.12.17 #9147

Conversation

rvagg commented Oct 18, 2016

rvagg commented Oct 18, 2016

rvagg commented Oct 18, 2016