Release proposal: v0.10.48 #9154

rvagg · 2016-10-18T09:30:14Z

2016-10-18, Version 0.10.48 (Maintenance), @rvagg

This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/ for details on patched vulnerabilities.

Notable changes:

c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more information at https://c-ares.haxx.se/adv_20160929.html (Rod Vagg)

Commits:

[a14a6a3] - deps: c-ares, avoid single-byte buffer overwrite (Rod Vagg) deps: c-ares, avoid single-byte buffer overwrite #9108
[b798f59] - tls: fix minor jslint failure (Rod Vagg) tls: fix minor jslint failure for v0.10 #9107

PR-URL: nodejs#9107 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>

Backport of nodejs#8849 for c-ares 1.9.0. Incorrect string length calculation when passing escaped dot. - CVE: CVE-2016-5180 - Upstream bug: https://c-ares.haxx.se/adv_20160929.html PR-URL: nodejs#9108 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

rvagg · 2016-10-18T09:32:17Z

CI @ https://ci.nodejs.org/job/node-test-pull-request/4555/

citgm @ https://ci.nodejs.org/view/Node.js-citgm/job/citgm-smoker/424/

PR-URL: nodejs#9155 Reviewed-By: Johan Bergström <bugs@bergstroem.nu> Reviewed-By: João Reis <reis@janeasystems.com>

This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/ for details on patched vulnerabilities. Notable changes: * c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more information at https://c-ares.haxx.se/adv_20160929.html (Rod Vagg) PR-URL: nodejs#9154

This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/ for details on patched vulnerabilities. Notable changes: * c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more information at https://c-ares.haxx.se/adv_20160929.html (Rod Vagg) PR-URL: #9154

rvagg added 2 commits October 18, 2016 12:22

tls: fix minor jslint failure

b798f59

PR-URL: nodejs#9107 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>

nodejs-github-bot added cares Issues and PRs related to the c-ares dependency or the cares_wrap binding. tls Issues and PRs related to the tls subsystem. v0.10 labels Oct 18, 2016

rvagg force-pushed the v0.10.48-proposal branch from 497bd20 to 0fc3f6e Compare October 18, 2016 09:32

rvagg added 2 commits October 19, 2016 00:32

win,build: try multiple timeservers when signing

92b232b

PR-URL: nodejs#9155 Reviewed-By: Johan Bergström <bugs@bergstroem.nu> Reviewed-By: João Reis <reis@janeasystems.com>

rvagg force-pushed the v0.10.48-proposal branch from 0fc3f6e to 262dd62 Compare October 18, 2016 13:33

rvagg merged commit 262dd62 into nodejs:v0.10 Oct 18, 2016

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Release proposal: v0.10.48 #9154

Release proposal: v0.10.48 #9154

rvagg commented Oct 18, 2016

rvagg commented Oct 18, 2016

Release proposal: v0.10.48 #9154

Release proposal: v0.10.48 #9154

Conversation

rvagg commented Oct 18, 2016

rvagg commented Oct 18, 2016