Version 0.10.5 is impacted and should be upgraded to 0.10.6. https://medium.com/@iojs/important-security-upgrades-for-node-js-and-io-js-8ac14ece5852
I believe there's a mistake in your bug report: it is really 0.12.6 that has been released as a security fix for 0.12.5. Can you submit a patch to update to 0.12.6? Thanks!
Created attachment 6091: Important security upgrades for node.js (upgrade to v0.12.6)
Hi Thomas, Can you check and test it?
Chris, Thanks for the patch! The normal process for submitting patches is to send them to the list, as explained in the manual: http://buildroot.net/downloads/manual/manual.html#submitting-patches However, I can already spot some issues with the patch: when you use git-send-email, use the -C option, so that files that are only renamed (or moved to another directory) only appear as a git rename, please? Regards, Yann E. MORIN.
Yann: we made a mistake when merging the alternate version stuff for NodeJS. The naming of the option should not be 0_12_5, but just 0_12. Otherwise, every time we upgrade the minor version of NodeJS, we would need to change the Config.in option name, which isn't good. I did not notice that when applying the patches.
Thomas, Yes, probably. And also for 0_10, I guess. Regards, Yann E. MORIN.
Chris, We believe this has been fixed with: 781529b package/nodejs: security bump http://git.buildroot.org/buildroot/commit/?id=781529b159313c04903791c6f9e437e697f0e3a9 Regards, Yann E. MORIN.