Bug 213602 - www/node012: Update to 0.12.17
Summary: www/node012: Update to 0.12.17
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Mark Felder
URL: https://nodejs.org/en/blog/release/v0...
Keywords: needs-patch, security
Depends on: 213800
Blocks:
  Show dependency treegraph
 
Reported: 2016-10-19 06:58 UTC by Bradley T. Hughes
Modified: 2016-10-28 13:52 UTC (History)
2 users (show)

See Also:
feld: merge-quarterly+


Attachments
nodejs 0.12.17 (1.21 KB, patch)
2016-10-19 06:58 UTC, Bradley T. Hughes
bhughes: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Bradley T. Hughes freebsd_committer 2016-10-19 06:58:41 UTC
Created attachment 175926 [details]
nodejs 0.12.17

Bump to the latest 0.12.x release. This is a security release to
address the c-ares single-byte buffer overwrite, CVE-2016-5180.
    
https://nodejs.org/en/blog/release/v0.12.17/
https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/

portlint: OK (-C, looks fine.)
testport: OK (poudriere: 11.0-R, 10.[123]-R, 9.3-R, amd64/i386, default options)
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2016-10-19 09:38:26 UTC
This also needs a security/vuxml entry
Comment 2 Bradley T. Hughes freebsd_committer 2016-10-26 10:29:24 UTC
See 213800 for vuxml entries :)
Comment 3 commit-hook freebsd_committer 2016-10-28 13:52:43 UTC
A commit references this bug:

Author: feld
Date: Fri Oct 28 13:52:04 UTC 2016
New revision: 424846
URL: https://svnweb.freebsd.org/changeset/ports/424846

Log:
  www/node012: Update to 0.12.17

  Bump to the latest 0.12.x release. This is a security release to
  address the c-ares single-byte buffer overwrite, CVE-2016-5180.

  https://nodejs.org/en/blog/release/v0.12.17/
  https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/

  PR:		213602
  MFH:		2016Q4
  Security:	CVE-2016-5180

Changes:
  head/www/node012/Makefile
  head/www/node012/distinfo
Comment 4 commit-hook freebsd_committer 2016-10-28 13:52:45 UTC
A commit references this bug:

Author: feld
Date: Fri Oct 28 13:52:37 UTC 2016
New revision: 424847
URL: https://svnweb.freebsd.org/changeset/ports/424847

Log:
  MFH: r424846

  www/node012: Update to 0.12.17

  Bump to the latest 0.12.x release. This is a security release to
  address the c-ares single-byte buffer overwrite, CVE-2016-5180.

  https://nodejs.org/en/blog/release/v0.12.17/
  https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/

  PR:		213602
  Security:	CVE-2016-5180

  Approved by:	ports-secteam (with hat)

Changes:
_U  branches/2016Q4/
  branches/2016Q4/www/node012/Makefile
  branches/2016Q4/www/node012/distinfo