Hi, all!
So, last night I pushed an update for an undisclosed security update and promptly went to the bar afterward, and in the intervening time the whole Internet has gone crazy!
Now it's fairly widely reported that this is a pretty nasty DoS vulnerability, so I'd appreciate some karma on the following updates so we can get this pushed stable ASAP. They've all been pushed to testing as of now.
F20: https://admin.fedoraproject.org/updates/FEDORA-2013-19512/ F19: https://admin.fedoraproject.org/updates/FEDORA-2013-19497/ F18: https://admin.fedoraproject.org/updates/FEDORA-2013-19491/ EL6: https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11891/
Upstream has somewhat deservedly been put through the ringer for handling this improperly, but in their defense the initial report was just made publicly on github instead of by mail to security@nodejs.org so they were pretty much screwed from the get go. I did at least receive a nice apology in my inbox today from one of the lead developers for the lack of early notice to distributions.
Thanks in advance! -T.C.