Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release proposal: v0.12.17 #9147

Merged
merged 3 commits into from
Oct 18, 2016
Merged

Release proposal: v0.12.17 #9147

merged 3 commits into from
Oct 18, 2016

Conversation

rvagg
Copy link
Member

@rvagg rvagg commented Oct 18, 2016

2016-10-18, Version 0.12.17 (Maintenance), @rvagg

This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/ for details on patched vulnerabilities.

Notable changes:

Commits:

@bagder @rvagg
deps: avoid single-byte buffer overwrite
c5b095e 
Incorrect string length calculation when passing escaped dot.

- CVE: CVE-2016-5180
- Upstream bug: https://c-ares.haxx.se/adv_20160929.html

Ref: nodejs#9037
PR-URL: nodejs#8849
Reviewed-By: Myles Borins <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Johan Bergström <[email protected]>
Reviewed-By: Fedor Indutny <[email protected]>
@nodejs-github-bot nodejs-github-bot added cares Issues and PRs related to the c-ares dependency or the cares_wrap binding. v0.12 labels Oct 18, 2016
@rvagg
Copy link
Member Author

rvagg commented Oct 18, 2016

CI @ https://ci.nodejs.org/job/node-test-pull-request/4551/

@rvagg
Copy link
Member Author

rvagg commented Oct 18, 2016

citgm @ https://ci.nodejs.org/view/Node.js-citgm/job/citgm-smoker/417/

@rvagg
win,build: try multiple timeservers when signing
5f1097d 
PR-URL: nodejs#9155
Reviewed-By: Johan Bergström <[email protected]>
Reviewed-By: João Reis <[email protected]>
@rvagg
2016-10-18 Version 0.12.17 (Maintenance) Release
1da5ccf 
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/
for details on patched vulnerabilities.

Notable changes:

* c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more
  information at https://c-ares.haxx.se/adv_20160929.html
  (Daniel Stenberg)

PR-URL: nodejs#9147
@rvagg rvagg merged commit 1da5ccf into nodejs:v0.12 Oct 18, 2016
rvagg added a commit that referenced this pull request Oct 18, 2016
@rvagg
2016-10-18 Version 0.12.17 (Maintenance) Release
26e2f0d 
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/
for details on patched vulnerabilities.

Notable changes:

* c-ares: fix for single-byte buffer overwrite, CVE-2016-5180, more
  information at https://c-ares.haxx.se/adv_20160929.html
  (Daniel Stenberg)

PR-URL: #9147
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
cares Issues and PRs related to the c-ares dependency or the cares_wrap binding.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rvagg @nodejs-github-bot @bagder