Overview

File _patchinfo of Package patchinfo.14083

<patchinfo incident="14083">
  <issue tracker="cve" id="2019-15605"/>
  <issue tracker="cve" id="2019-15604"/>
  <issue tracker="cve" id="2019-15606"/>
  <issue tracker="bnc" id="1163102">VUL-0: CVE-2019-15605: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP request smuggling using malformed Transfer-Encoding header</issue>
  <issue tracker="bnc" id="1163103">VUL-0: CVE-2019-15606: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP header values do not have trailing OWS trimmed</issue>
  <issue tracker="bnc" id="1163104">VUL-0: CVE-2019-15604: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string</issue>
  <packager>adamm</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for nodejs8</summary>
  <description>This update for nodejs8 fixes the following issues:

Security issues fixed:

- CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string (CVE-2019-15604, bsc#1163104).
- CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed Transfer-Encoding header (CVE-2019-15605, bsc#1163102).
- CVE-2019-15606: Fixed the white space sanitation of HTTP headers (CVE-2019-15606, bsc#1163103).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places