Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
jkrems
on Oct 19, 2013
|
parent
|
context
|
favorite
| on:
Node v0.10.21 Stable has critical security fix
Unfortunately that test-case passes against 0.8.25 as well. So I'm not quite convinced it can be used reliably to reproduce the problem.
ak217
on Oct 19, 2013
[–]
Unsurprising because the new streams API, which is responsible for this bug, was introduced in node 0.10. Try with earlier 0.10 versions instead.
jkrems
on Oct 19, 2013
|
parent
[–]
Well, in that case lets add confusion about affected versions to the list of things being suboptimal about this whole thing:
http://blog.nodejs.org/2013/10/18/node-v0-8-26-maintenance/
- the same warning about the same error and they did backport the fix to 0.8:
https://github.com/joyent/node/commit/653d4db71f569ddc87a0bc...
ak217
on Oct 19, 2013
|
root
|
parent
[–]
You're right, that is confusing. I'm not sure how it's exploitable in 0.8.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
