aports issueshttps://gitlab.alpinelinux.org/alpine/aports/-/issues2019-07-23T13:40:19Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/5154[3.3] nodejs: Security issues (CVE-2016-2086, CVE-2016-2216)2019-07-23T13:40:19ZAlicha CH[3.3] nodejs: Security issues (CVE-2016-2086, CVE-2016-2216)### (CVE-2016-2086) Request smuggling vulnerability
A request smuggling vulnerability was found in Node.js
that can be exploited under certain unspecified circumstances.
### Fixed In Version:
nodejs 0.10.42, nodejs 0.12.10, nodejs 4...### (CVE-2016-2086) Request smuggling vulnerability
A request smuggling vulnerability was found in Node.js
that can be exploited under certain unspecified circumstances.
### Fixed In Version:
nodejs 0.10.42, nodejs 0.12.10, nodejs 4.3.0, nodejs 5.6.0
### (CVE-2016-2216) Response splitting vulnerability using Unicode characters
It was reported that HTTP header parsing in Node.js is vulnerable to
response splitting attacks.
While Node.js has been protecting against response splitting attacks by
checking for CRLF characters,
it is possible to compose response headers using Unicode characters that
decompose to these characters,
bypassing the checks previously in place.
### Fixed In Version:
nodejs 0.10.42, nodejs 0.12.10, nodejs 4.3.0, nodejs 5.6.0
### References:
https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2016-2086
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2016-2216
*(from redmine: issue id 5154, created on 2016-02-22, closed on 2016-02-24)*
* Relations:
* parent #5153
* Changesets:
* Revision a1df28931360d38ed8c9fcaba1a1a710908c1a63 on 2016-02-23T15:12:38Z:
```
main/nodejs: security upgrade to 4.3.0 (CVE-2016-2086, CVE-2016-2216). Fixes #5154
```3.3.2Eivind UggedalEivind Uggedal