nodejs: Denial of Service Vulnerability in versions before 4.1.2 (CVE-2015-7384)
A vulnerability has been discovered in the HTTP pipeline handling that
is leading to an application crash. This problem is caused by
out-of-order responses being sent to the client within a single
pipelined connection.
The problem has been fixed upstream in version 4.1.2.
Alpine v3.2 and older are not affected as then have nodejs 0.12 and older.
References:
_https://github.com/nodejs/node/issues/3138
_
(from redmine: issue id 4750, created on 2015-10-07, closed on 2015-10-14)
- Changesets:
- Revision a771c6d2 by Natanael Copa on 2015-10-13T15:04:51Z:
main/nodejs: security upgrade to 4.1.2 (CVE-2015-7384)
fixes #4750