Login
Newsletter
Werbung

Sicherheit: Unsichere Verwendung temporärer Verzeichnisse in npm
Aktuelle Meldungen Distributionen
Name: Unsichere Verwendung temporärer Verzeichnisse in npm
ID: FEDORA-2013-13979
Distribution: Fedora
Plattformen: Fedora 19
Datum: So, 11. August 2013, 10:34
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4116
Applikationen: npm

Originalnachricht

Name        : npm
Product : Fedora 19
Version : 1.3.6
Release : 2.fc19
URL : http://npmjs.org/
Summary : Node.js Package Manager
Description :
npm is a package manager for node.js. You can use it to install and publish
your
node programs. It manages dependencies and does other cool stuff.

-------------------------------------------------------------------------------
-
Update Information:

This update provides the latest version of npm, the Node.js Package Manager.
It fixes several minor bugs.

For more information about the changes contained in this release, review the
commit log:
https://github.com/isaacs/npm/commits/v1.3.6

Please note that npm's license has changed in this release from a modified
version of the MIT license to the Artistic 2.0 license.
-------------------------------------------------------------------------------
-
ChangeLog:

* Tue Jul 30 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> -
1.3.6-2
- license changed from MITNFA to Artistic 2.0
* Tue Jul 30 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> -
1.3.6-1
- new upstream release 1.3.6
* Fri Jul 12 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> -
1.3.3-1
- new upstream release 1.3.3
- fixes insecure temporary directory generation (CVE-2013-4116; RHBZ#983917)
* Sun Jun 23 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> -
1.3.0-1
- new upstream release 1.3.0
- use system paths for manual pages and documentation (RHBZ#953051)
* Sat Jun 22 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> -
1.2.17-6
- restrict to compatible arches
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #989965 - nodejs-mime-1.2.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=989965
[ 2 ] Bug #989962 - nodejs-glob-3.2.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=989962
[ 3 ] Bug #989961 - nodejs-generic-pool-2.0.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=989961
[ 4 ] Bug #984569 - nodejs-rimraf-2.2.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=984569
[ 5 ] Bug #984567 - nodejs-read-1.0.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=984567
[ 6 ] Bug #984566 - nodejs-mute-stream-0.0.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=984566
[ 7 ] Bug #984558 - nodejs-bindings-1.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=984558
[ 8 ] Bug #982985 - nodejs-request-2.25.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=982985
[ 9 ] Bug #982982 - nodejs-form-data-0.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=982982
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update npm' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung