Sicherheit: Denial of Service in nodejs-JSV
Aktuelle Meldungen Distributionen
Name: Denial of Service in nodejs-JSV
ID: FEDORA-2018-13e08f4b4a
Distribution: Fedora
Plattformen: Fedora 27
Datum: Mo, 18. Juni 2018, 07:03
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16021
Applikationen: nodejs-JSV


Fedora Update Notification
2018-06-17 19:43:26.097081

Name : nodejs-JSV
Product : Fedora 27
Version : 4.0.2
Release : 12.fc27
URL : https://github.com/garycourt/JSV
Summary : JSON Schema Validator
Description :
JSV is a JavaScript implementation of a extendable, fully compliant
JSON Schema validator with the following features:

* The fastest extendable JSON validator available!
* Complete implementation of all current JSON Schema draft revisions.
* Supports creating individual environments (sandboxes) that validate
using a particular schema specification.
* Provides an intuitive API for creating new validating schema
attributes, or whole new custom schema schemas.
* Supports self, full and described by hyper links.
* Validates itself, and is bootstrapped from the JSON Schema schemas.
* Includes over 1100 unit tests for testing all parts of the specifications.
* Works in all ECMAScript 3 environments, including all web browsers
and Node.js.
* Licensed under the FreeBSD License, a very open license.

Update Information:

Update to latest nodejs-uri-js for CVE fix

* Thu Jun 7 2018 Tom Hughes <tom@compton.nu> - 4.0.2-12
- Update npm(uri-js) dependency
* Thu Feb 8 2018 Fedora Release Engineering <releng@fedoraproject.org> -
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[ 1 ] Bug #1588825 - CVE-2017-16021 nodejs-uri-js: regular expression denial
of service vulnerability in parse method [fedora-all]
[ 2 ] Bug #1435853 - nodejs-uri-js-4.2.2 is available

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-13e08f4b4a' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BD5KSQ5TR3AYAGKFWC6XNNKUUI2ES6SU/
Frohe Ostern
Neue Nachrichten