Linux repositories inspector

nodejs6-debuginfo - Debug information for package nodejs6

This package provides debug information for package nodejs6. Debug information is useful when developing applications that use this package or when debugging this package.
6.17.0
OpenSUSE iconOpenSUSE Leap 42.3
6.16.0
OpenSUSE iconOpenSUSE Leap 42.3
6.14.4
OpenSUSE iconOpenSUSE Leap 42.3
6.14.3
OpenSUSE iconOpenSUSE Leap 42.3
6.14.1
OpenSUSE iconOpenSUSE Leap 42.3
6.12.2
OpenSUSE iconOpenSUSE Leap 42.3
6.11.1
OpenSUSE iconOpenSUSE Leap 42.3
6.9.5
OpenSUSE iconOpenSUSE Leap 42.3
DistributionVersionSincePackageInstalledPackager
OpenSUSE iconOpenSUSE Leap 42.3 debug/ossrpm6.9.5-1.217.01.2019713 kiB4.02 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 debug/update/ossrpm6.17.0-21.108.04.2019746 kiB4.14 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 debug/update/ossrpm6.16.0-18.122.02.2019743 kiB4.14 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 debug/update/ossrpm6.14.4-15.118.01.2019742 kiB4.14 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 debug/update/ossrpm6.14.3-12.118.01.2019743 kiB4.14 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 debug/update/ossrpm6.14.1-9.218.01.2019740 kiB4.13 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 debug/update/ossrpm6.12.2-6.118.01.2019733 kiB4.12 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 debug/update/ossrpm6.11.1-3.118.01.2019727 kiB4.1 MiBhttp://bugs.opensuse.org

Latest updates

OpenSUSE Leap 42.3 icon

OpenSUSE Leap 42.3 debug/update/oss: Updated from 6.16.0-18.1 to 6.17.0-21.1

08.04.2019 10:17
  • New upstream LTS release 6.17.0:
    • deps: OpenSSL has been upgraded to 1.0.2r. Under certain circumstances, a TLS server can be forced to respond differently to a client if a zero-byte record is received with an invalid padding compared to a zero-byte record with an invalid MAC. This can be used as the basis of a padding oracle attack to decrypt data.
      (CVE-2019-1559, bsc#1127080)
    • http:
      • Backport server.keepAliveTimeout to prevent keep-alive
      HTTP and HTTPS connections remaining open and inactive for an extended period of time, leading to a potential
      Denial of Service (DoS). (CVE-2019-5739, bsc#1127533)
      • Further prevention of "Slowloris" attacks on HTTP and HTTPS
      connections by consistently applying the receive timeout set by server.headersTimeout to connections in keep-alive mode. (CVE-2019-5737, bsc#1127532)
OpenSUSE Tumbleweed icon

OpenSUSE Tumbleweed debug/oss: Version 6.17.0-1.1 removed

15.03.2019 12:27
OpenSUSE Tumbleweed icon

OpenSUSE Tumbleweed debug/oss: Updated from 6.16.0-1.5 to 6.17.0-1.1

10.03.2019 10:08
  • New upstream LTS release 6.17.0:
    • deps: OpenSSL has been upgraded to 1.0.2r. Under certain circumstances, a TLS server can be forced to respond differently to a client if a zero-byte record is received with an invalid padding compared to a zero-byte record with an invalid MAC. This can be used as the basis of a padding oracle attack to decrypt data.
      (CVE-2019-1559, bsc#1127080)
    • http:
      • Backport server.keepAliveTimeout to prevent keep-alive
      HTTP and HTTPS connections remaining open and inactive for an extended period of time, leading to a potential
      Denial of Service (DoS). (CVE-2019-5739, bsc#1127533)
      • Further prevention of "Slowloris" attacks on HTTP and HTTPS
      connections by consistently applying the receive timeout set by server.headersTimeout to connections in keep-alive mode. (CVE-2019-5737, bsc#1127532)
OpenSUSE Leap 42.3 icon

OpenSUSE Leap 42.3 debug/update/oss: Updated from 6.14.4-15.1 to 6.16.0-18.1

22.02.2019 07:05
  • Update upstream LTS release 6.16.0:
    • cli: add --max-http-header-size flag
    • http: add maxHeaderSize property
  • Changes in LTS release 6.15.0:
    • debugger: prevent the debugger from listening on 0.0.0.0. It now defaults to 127.0.0.1. (CVE-2018-12120, bsc#1117625)
    • deps: Upgrade to OpenSSL 1.0.2q, fixing
      CVE-2018-0734 (bsc#1113652) and CVE-2018-5407 (bsc#1113534)
    • http:
      • Headers received by HTTP servers must not exceed 8192 bytes
      in total to prevent possible Denial of Service attacks.
      (CVE-2018-12121, bsc#1117626)
      • A timeout of 40 seconds now applies to servers receiving
      HTTP headers. This value can be adjusted with
      server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with
      server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. (CVE-2018-12122, bsc#1117627)
      • Two-byte characters are now strictly disallowed for the path
      option in HTTP client requests. Paths containing characters outside of the range \u0021 - \u00ff will now be rejected with a TypeError. This behavior can be reverted if necessary by supplying the --security-revert=CVE-2018-12116 command line argument (this is not recommended).
      (CVE-2018-12116, bsc#1117630)
    • util: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the 'javascript:' protocol. (CVE-2018-12123, bsc#1117629)
  • skip_test_on_lowmem.patch: skip test on low-memory build machine
OpenSUSE Tumbleweed icon

OpenSUSE Tumbleweed debug/oss: Updated from 6.16.0-1.4 to 6.16.0-1.5

15.02.2019 10:09
  • Update upstream LTS release 6.16.0:
    • cli: add --max-http-header-size flag
    • http: add maxHeaderSize property
  • Changes in LTS release 6.15.0:
    • debugger: prevent the debugger from listening on 0.0.0.0. It now defaults to 127.0.0.1. (CVE-2018-12120, bsc#1117625)
    • deps: Upgrade to OpenSSL 1.0.2q, fixing
      CVE-2018-0734 (bsc#1113652) and CVE-2018-5407 (bsc#1113534)
    • http:
      • Headers received by HTTP servers must not exceed 8192 bytes
      in total to prevent possible Denial of Service attacks.
      (CVE-2018-12121, bsc#1117626)
      • A timeout of 40 seconds now applies to servers receiving
      HTTP headers. This value can be adjusted with
      server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with
      server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. (CVE-2018-12122, bsc#1117627)
      • Two-byte characters are now strictly disallowed for the path
      option in HTTP client requests. Paths containing characters outside of the range \u0021 - \u00ff will now be rejected with a TypeError. This behavior can be reverted if necessary by supplying the --security-revert=CVE-2018-12116 command line argument (this is not recommended).
      (CVE-2018-12116, bsc#1117630)
    • util: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the 'javascript:' protocol. (CVE-2018-12123, bsc#1117629)
  • skip_test_on_lowmem.patch: skip test on low-memory build machine
OpenSUSE Tumbleweed icon

OpenSUSE Tumbleweed debug/oss: Updated from 6.16.0-1.3 to 6.16.0-1.4

05.02.2019 03:17
  • Update upstream LTS release 6.16.0:
    • cli: add --max-http-header-size flag
    • http: add maxHeaderSize property
  • Changes in LTS release 6.15.0:
    • debugger: prevent the debugger from listening on 0.0.0.0. It now defaults to 127.0.0.1. (CVE-2018-12120, bsc#1117625)
    • deps: Upgrade to OpenSSL 1.0.2q, fixing
      CVE-2018-0734 (bsc#1113652) and CVE-2018-5407 (bsc#1113534)
    • http:
      • Headers received by HTTP servers must not exceed 8192 bytes
      in total to prevent possible Denial of Service attacks.
      (CVE-2018-12121, bsc#1117626)
      • A timeout of 40 seconds now applies to servers receiving
      HTTP headers. This value can be adjusted with
      server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with
      server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. (CVE-2018-12122, bsc#1117627)
      • Two-byte characters are now strictly disallowed for the path
      option in HTTP client requests. Paths containing characters outside of the range \u0021 - \u00ff will now be rejected with a TypeError. This behavior can be reverted if necessary by supplying the --security-revert=CVE-2018-12116 command line argument (this is not recommended).
      (CVE-2018-12116, bsc#1117630)
    • util: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the 'javascript:' protocol. (CVE-2018-12123, bsc#1117629)
  • skip_test_on_lowmem.patch: skip test on low-memory build machine
OpenSUSE Tumbleweed icon

OpenSUSE Tumbleweed debug/oss: Updated from 6.16.0-1.1 to 6.16.0-1.3

03.02.2019 08:18
  • Update upstream LTS release 6.16.0:
    • cli: add --max-http-header-size flag
    • http: add maxHeaderSize property
  • Changes in LTS release 6.15.0:
    • debugger: prevent the debugger from listening on 0.0.0.0. It now defaults to 127.0.0.1. (CVE-2018-12120, bsc#1117625)
    • deps: Upgrade to OpenSSL 1.0.2q, fixing
      CVE-2018-0734 (bsc#1113652) and CVE-2018-5407 (bsc#1113534)
    • http:
      • Headers received by HTTP servers must not exceed 8192 bytes
      in total to prevent possible Denial of Service attacks.
      (CVE-2018-12121, bsc#1117626)
      • A timeout of 40 seconds now applies to servers receiving
      HTTP headers. This value can be adjusted with
      server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with
      server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. (CVE-2018-12122, bsc#1117627)
      • Two-byte characters are now strictly disallowed for the path
      option in HTTP client requests. Paths containing characters outside of the range \u0021 - \u00ff will now be rejected with a TypeError. This behavior can be reverted if necessary by supplying the --security-revert=CVE-2018-12116 command line argument (this is not recommended).
      (CVE-2018-12116, bsc#1117630)
    • util: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the 'javascript:' protocol. (CVE-2018-12123, bsc#1117629)
  • skip_test_on_lowmem.patch: skip test on low-memory build machine
OpenSUSE Leap 42.3 icon

OpenSUSE Leap 42.3 debug/update/oss: Updated from 6.14.3-12.1 to 6.14.4-15.1

18.01.2019 02:26
  • New upstream LTS release 6.14.4:
    • buffer: Fix out-of-bounds (OOB) write in Buffer.write() for UCS-2 encoding (CVE-2018-12115, bsc#1105019)
    • deps: Upgrade to OpenSSL 1.0.2p, fixing:
      • Client DoS due to large DH parameter
      (CVE-2018-0732, bsc#1097158)
      • ECDSA key extraction via local side-channel
OpenSUSE Leap 42.3 icon

OpenSUSE Leap 42.3 debug/update/oss: Updated from 6.14.1-9.2 to 6.14.3-12.1

18.01.2019 02:26
  • New upstream LTS release 6.14.3:
    • buffer: Fixes Denial of Service vulnerability where calling Buffer.fill() could hang (CVE-2018-7167, bsc#1097375)
OpenSUSE Leap 42.3 icon

OpenSUSE Leap 42.3 debug/update/oss: Updated from 6.12.2-6.1 to 6.14.1-9.2

18.01.2019 02:26
  • Fix some node-gyp permissions
OpenSUSE Leap 42.3 icon

OpenSUSE Leap 42.3 debug/update/oss: Updated from 6.11.1-3.1 to 6.12.2-6.1

18.01.2019 02:26
  • Dropped 8334.diff - no longer needed
OpenSUSE Leap 42.3 icon

OpenSUSE Leap 42.3 debug/update/oss: Version 6.11.1-3.1 introduced

18.01.2019 02:26
  • Fix update-alternative handling in %postun - don't remove links on upgrades.
OpenSUSE Leap 42.3 icon

OpenSUSE Leap 42.3 debug/oss: Version 6.9.5-1.2 introduced

17.01.2019 18:45
  • New upstream LTS release 6.9.5
    • deps: upgrade openssl sources to 1.0.2k
      (CVE-2017-3731, CVE-2017-3732, CVE-2016-7055,
      bnc#1022085, bnc#1022086, bnc#1009528)
  • No changes in LTS release 6.9.4
  • Adjusted 8334.diff to be inline with accepted changes
OpenSUSE Tumbleweed icon

OpenSUSE Tumbleweed debug/oss: Version 6.16.0-1.1 introduced

17.01.2019 17:43
  • New upstream LTS release 6.14.2:
    • n-api: n-api has been backported to v6.x.
  • icu_61_namespacefix.patch: Fix building with ICU61.1 (bsc#1091764)
  • versioned.patch: rebased

Related packages

nodejs6 - Evented I/O for V8 JavaScript
⇧ Top