New subject: [Bug 988710] VUL-0: CVE-2016-1000022: nodejs-negotiator: Regular expression denial-of-service

13 Jul 2016

      http://bugzilla.opensuse.org/show_bug.cgi?id=988710

            Bug ID: 988710
           Summary: VUL-0: CVE-2016-1000022: nodejs-negotiator: Regular
                    expression denial-of-service
    Classification: openSUSE
           Product: openSUSE.org
           Version: unspecified
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: 3rd party software
          Assignee: i@marguerite.su
          Reporter: astieger@suse.com
        QA Contact: opensuse-communityscreening@forge.provo.novell.com
                CC: joachim.gleissner@suse.com
          Found By: Security Response Team
           Blocker: ---

Courtesy bug from the SUSE security bug against
devel:languages:nodejs/nodejs-negotiator
...
From https://nodesecurity.io/advisories/106
The header for "Accept-Language", when parsed by negotiator is vulnerable to
Regular Expression Denial of Service via a specially crafted string. 

devel:languages:nodejs/nodejs-negotiator is at 0.5.3, Fix is in 0.6.1

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1347677

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug 988710] New: VUL-0: CVE-2016-1000022: nodejs-negotiator: Regular expression denial-of-service

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

tags

participants (1)