mirror of
https://github.com/godotengine/buildroot.git
synced 2026-01-06 18:09:44 +03:00
560b1d374e
Fixes the following security issues:
- Fix for inspector DNS rebinding vulnerability (CVE-2018-7160): A malicious
website could use a DNS rebinding attack to trick a web browser to bypass
same-origin-policy checks and allow HTTP connections to localhost or to
hosts on the local network, potentially to an open inspector port as a
debugger, therefore gaining full code execution access. The inspector now
only allows connections that have a browser Host value of localhost or
localhost6.
- Fix for 'path' module regular expression denial of service
(CVE-2018-7158): A regular expression used for parsing POSIX paths could
be used to cause a denial of service if an attacker were able to have a
specially crafted path string passed through one of the impacted 'path'
module functions.
- Reject spaces in HTTP Content-Length header values (CVE-2018-7159): The
Node.js HTTP parser allowed for spaces inside Content-Length header
values. Such values now lead to rejected connections in the same way as
non-numeric values.
While we are at it, also add a hash for the license file.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 7f02604553)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6 lines
252 B
Plaintext
6 lines
252 B
Plaintext
# From http://nodejs.org/dist/v8.11.1/SHASUMS256.txt
|
|
sha256 40a6eb51ea37fafcf0cfb58786b15b99152bec672cccf861c14d1cca0ad4758a node-v8.11.1.tar.xz
|
|
|
|
# Hash for license file
|
|
sha256 b87be6c1479ed977481115869c2dd8b6d59e5ea55aa09939d6c898242121b2f5 LICENSE
|