[Buildroot] [Bug 8201] New: Important security upgrades for node.js

[Buildroot] [Bug 8201] New: Important security upgrades for node.js

[bugzilla at busybox.net]

https://bugs.busybox.net/show_bug.cgi?id=8201

           Summary: Important security upgrades for node.js
           Product: buildroot
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: critical
          Priority: P5
         Component: Outdated package
        AssignedTo: unassigned at buildroot.uclibc.org
        ReportedBy: goabonga at gmail.com
                CC: buildroot at uclibc.org
   Estimated Hours: 0.0


version 0.10.5 is impacted and should be upgraded to 0.10.6.

https://medium.com/@iojs/important-security-upgrades-for-node-js-and-io-js-8ac14ece5852

-- 
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Buildroot] [Bug 8201] Important security upgrades for node.js

[bugzilla at busybox.net]

https://bugs.busybox.net/show_bug.cgi?id=8201

--- Comment #1 from Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-07-05 12:41:11 UTC ---
I believe there's a mistake in your bug report: it is really 0.12.6 that has
been released as a security fix for 0.12.5.

Can you submit a patch to update to 0.12.6 ? Thanks!

-- 
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Buildroot] [Bug 8201] Important security upgrades for node.js

[bugzilla at busybox.net]

https://bugs.busybox.net/show_bug.cgi?id=8201

--- Comment #2 from Chris <goabonga@gmail.com> 2015-07-05 14:35:50 UTC ---
Created attachment 6091
  --> https://bugs.busybox.net/attachment.cgi?id=6091
Important security upgrades for node.js (upgrade to v0.12.6)

-- 
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Buildroot] [Bug 8201] Important security upgrades for node.js

[bugzilla at busybox.net]

https://bugs.busybox.net/show_bug.cgi?id=8201

--- Comment #3 from Chris <goabonga@gmail.com> 2015-07-05 14:39:58 UTC ---
Hi Thomas,
Can you check and test it ?

-- 
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Buildroot] [Bug 8201] Important security upgrades for node.js

[bugzilla at busybox.net]

https://bugs.busybox.net/show_bug.cgi?id=8201

Yann E. MORIN <yann.morin.1998@free.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |yann.morin.1998 at free.fr

--- Comment #4 from Yann E. MORIN <yann.morin.1998@free.fr> 2015-07-05 14:46:13 UTC ---
Chris,

Thanks for the patch!

The normal process for submitting patches isa to send them to the list,
like explained in the manual:
    http://buildroot.net/downloads/manual/manual.html#submitting-patches

However, I can already spot some issues with the patch: when you use
git-send-email, use the -C option, so that files that are only renamed
(or moved to another directory) only appear as a git rename, please?

Regards,
Yann E. MORIN.

-- 
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Buildroot] [Bug 8201] Important security upgrades for node.js

[bugzilla at busybox.net]

https://bugs.busybox.net/show_bug.cgi?id=8201

--- Comment #5 from Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2015-07-05 15:18:13 UTC ---
Yann: we did a mistake when merging the alternate version stuff for NodeJS. The
naming of the option should not be 0_12_5, but just 0_12. Otherwise, everytime
we upgrade the minor version of NodeJS, we would need to change the Config.in
option name, which isn't good. I did not notice that when applying the patches.

-- 
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Buildroot] [Bug 8201] Important security upgrades for node.js

[bugzilla at busybox.net]

https://bugs.busybox.net/show_bug.cgi?id=8201

Yann E. MORIN <yann.morin.1998@free.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
         AssignedTo|unassigned at buildroot.uclibc |yann.morin.1998 at free.fr
                   |.org                        |

--- Comment #6 from Yann E. MORIN <yann.morin.1998@free.fr> 2015-07-05 17:00:03 UTC ---
Thomas, 

Yes, probably. And also for 0_10, I guess.

Regards,
Yann E. MORIN.

-- 
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Buildroot] [Bug 8201] Important security upgrades for node.js

[bugzilla at busybox.net]

https://bugs.busybox.net/show_bug.cgi?id=8201

Yann E. MORIN <yann.morin.1998@free.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED

--- Comment #7 from Yann E. MORIN <yann.morin.1998@free.fr> 2015-07-06 22:08:52 UTC ---
Chris,

We believe this has been fixed with:
    781529b package/nodejs: security bump
   
http://git.buildroot.org/buildroot/commit/?id=781529b159313c04903791c6f9e437e697f0e3a9

Regards,
Yann E. MORIN.

-- 
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.