Sicherheit: Unsichere Verwendung temporärer Verzeichnisse in npm - Pro-Linux

Name        : npm
Product     : Fedora 19
Version     : 1.3.6
Release     : 2.fc19
URL         : http://npmjs.org/
Summary     : Node.js Package Manager
Description :
npm is a package manager for node.js. You can use it to install and publish
 your
node programs. It manages dependencies and does other cool stuff.

-------------------------------------------------------------------------------
-
Update Information:

This update provides the latest version of npm, the Node.js Package Manager. 
 It fixes several minor bugs.

For more information about the changes contained in this release, review the
 commit log:

https://github.com/isaacs/npm/commits/v1.3.6

Please note that npm's license has changed in this release from a modified
 version of the MIT license to the Artistic 2.0 license.
-------------------------------------------------------------------------------
-
ChangeLog:

* Tue Jul 30 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> -
 1.3.6-2
- license changed from MITNFA to Artistic 2.0
* Tue Jul 30 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> -
 1.3.6-1
- new upstream release 1.3.6
* Fri Jul 12 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> -
 1.3.3-1
- new upstream release 1.3.3
- fixes insecure temporary directory generation (CVE-2013-4116; RHBZ#983917)
* Sun Jun 23 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> -
 1.3.0-1
- new upstream release 1.3.0
- use system paths for manual pages and documentation (RHBZ#953051)
* Sat Jun 22 2013 T.C. Hollingsworth <tchollingsworth@gmail.com> -
 1.2.17-6
- restrict to compatible arches
-------------------------------------------------------------------------------
-
References:

  [ 1 ] Bug #989965 - nodejs-mime-1.2.10 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=989965
  [ 2 ] Bug #989962 - nodejs-glob-3.2.6 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=989962
  [ 3 ] Bug #989961 - nodejs-generic-pool-2.0.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=989961
  [ 4 ] Bug #984569 - nodejs-rimraf-2.2.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=984569
  [ 5 ] Bug #984567 - nodejs-read-1.0.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=984567
  [ 6 ] Bug #984566 - nodejs-mute-stream-0.0.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=984566
  [ 7 ] Bug #984558 - nodejs-bindings-1.1.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=984558
  [ 8 ] Bug #982985 - nodejs-request-2.25.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=982985
  [ 9 ] Bug #982982 - nodejs-form-data-0.1.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=982982
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program.  Use 
su -c 'yum update npm' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce