Public bug reported: 8.11 releases of node.js fixes the following CVEs: CVE-2018-7158 CVE-2018-7159 CVE-2018-7160
ubuntu bionic package 8.10.0~dfsg-2 does not include those fixes. package changelog is nodejs (8.10.0~dfsg-2) experimental; urgency=medium * Drop binutils dependency (Closes: #893841) * Move repository to https://salsa.debian.org/js-team/nodejs.git -- Jérémy Lal <kapo...@melix.org> Fri, 23 Mar 2018 09:30:55 +0100 nodejs (8.10.0~dfsg-1) experimental; urgency=medium * New upstream version 8.10.0~dfsg * Vcs-Git for that branch * Remove openssl patches and others, applied upstream * Depends icu 60.2 * Patch: build doc using node-js-yaml * Build-Depends node-js-yaml -- Jérémy Lal <kapo...@melix.org> Fri, 16 Mar 2018 10:25:24 +0100 [...] ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: nodejs (not installed) ProcVersionSignature: Ubuntu 4.15.0-20.21-generic 4.15.17 Uname: Linux 4.15.0-20-generic x86_64 NonfreeKernelModules: wl ApportVersion: 2.20.9-0ubuntu7 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Fri May 11 16:08:03 2018 InstallationDate: Installed on 2018-05-07 (3 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=fr_FR.UTF-8 SHELL=/bin/bash SourcePackage: nodejs UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: nodejs (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug bionic wayland-session ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1770655 Title: nodejs is at 8.10 while 8.11 is a security release. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nodejs/+bug/1770655/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
