File _patchinfo of Package patchinfo.4157
<patchinfo incident="4157">
<issue id="1022086" tracker="bnc">VUL-1: CVE-2017-3732: openssl: BN_mod_exp may produce incorrect results on x86_64</issue>
<issue id="1000036" tracker="bnc">devel:languages:nodejs/nodejs: CA certificates broken on SLE11</issue>
<issue id="1022085" tracker="bnc">VUL-0: CVE-2017-3731: openssl: Truncated packet could crash via OOB read</issue>
<issue id="1009528" tracker="bnc">VUL-1: CVE-2016-7055: openssl: Montgomery multiplication may produce incorrect results</issue>
<issue id="2016-7055" tracker="cve" />
<issue id="2017-3731" tracker="cve" />
<issue id="2017-3732" tracker="cve" />
<category>security</category>
<rating>moderate</rating>
<packager>adamm</packager>
<description>
This update for nodejs4 fixes the following issues:

- New upstream LTS release 4.7.3
  The embedded openssl sources were updated to 1.0.2k
  (CVE-2017-3731, CVE-2017-3732, CVE-2016-7055,
  bsc#1022085, bsc#1022086, bsc#1009528)
- No changes in LTS version 4.7.2
- New upstream LTS release 4.7.1
  * build: shared library support is now working for AIX builds
  * repl: passing options to the repl will no longer overwrite
    defaults
  * timers: recanceling a cancelled timer will no longer throw
- New upstream LTS version 4.7.0
  * build: introduce the configure --shared option for embedders
  * debugger: make listen address configurable in debugger server
  * dgram: generalized send queue to handle close, fixing a
    potential throw when dgram socket is closed in the
    listening event handler
  * http: introduce the 451 status code "Unavailable For
    Legal Reasons"
  * gtest: the test reporter now outputs tap comments as yamlish
  * tls: introduce secureContext for tls.connect (useful for
    caching client certificates, key, and CA certificates)
  * tls: fix memory leak when writing data to TLSWrap instance
    during handshake
  * src: node no longer aborts when c-ares initialization fails
  * ported and updated system CA store for the new node crypto code
- New upstream LTS version 4.6.2
  * build:
    + It is now possible to build the documentation from the release tarball.
  * buffer:
    + Buffer.alloc() will no longer incorrectly return a zero filled buffer
      when an encoding is passed.
  * deps:
    + Upgrade npm in LTS to 2.15.11.
  * repl:
    + Enable tab completion for global properties.
  * url:
    + url.format() will now encode all "#" in search.
- Add missing conflicts to base package. It's not possible to have
  concurrent nodejs installations.
- enable usage of system certificate store on SLE11SP4 by
  requiring openssl1 (bsc#1000036)
</description>
<summary>Security update for nodejs4</summary>
</patchinfo>