From f4d2662b3896dac3fd165718c10a2d9e65eba7ad Mon Sep 17 00:00:00 2001 From: XhmikosR Date: Sun, 8 Sep 2019 21:13:24 +0300 Subject: [PATCH] Replace `name` attribute with `id`. Also, fix a duplicate name (id) in september-2016-security-releases.md. --- locale/en/blog/release/v0.10.0.md | 4 ++- ...openssl-and-low-severity-fixes-jan-2016.md | 2 +- .../vulnerability/openssl-november-2017.md | 3 +- .../september-2016-security-releases.md | 28 +++++++++---------- 4 files changed, 20 insertions(+), 17 deletions(-) diff --git a/locale/en/blog/release/v0.10.0.md b/locale/en/blog/release/v0.10.0.md index b2977673d58ff..012c0787502c8 100644 --- a/locale/en/blog/release/v0.10.0.md +++ b/locale/en/blog/release/v0.10.0.md @@ -317,7 +317,9 @@ versions of Node. This is a remarkably effective way to do node-core development. Future developments will continue to be iterated in userland modules. -## Growing Up + + +## Growing Up The question comes up pretty often whether Node is "ready for prime time" yet. I usually answer that it depends on your requirements for diff --git a/locale/en/blog/vulnerability/openssl-and-low-severity-fixes-jan-2016.md b/locale/en/blog/vulnerability/openssl-and-low-severity-fixes-jan-2016.md index 30d26114f1347..9c8bc3d12674a 100644 --- a/locale/en/blog/vulnerability/openssl-and-low-severity-fixes-jan-2016.md +++ b/locale/en/blog/vulnerability/openssl-and-low-severity-fixes-jan-2016.md @@ -98,7 +98,7 @@ Previous releases of OpenSSL (since Node.js v0.10.39, v0.12.5, v4.0.0 and v5.0.0 The new OpenSSL release, for all Node.js lines, increases this to 1024-bits. The change only impacts TLS clients connecting to servers with weak DH parameter lengths. - + ## _(Update 30-Jan-2016)_ Release postponement diff --git a/locale/en/blog/vulnerability/openssl-november-2017.md b/locale/en/blog/vulnerability/openssl-november-2017.md index a4790d69caeb3..e68886d04efc4 100644 --- a/locale/en/blog/vulnerability/openssl-november-2017.md 
+++ b/locale/en/blog/vulnerability/openssl-november-2017.md @@ -57,7 +57,8 @@ Our active release lines are: We will include an update here once all releases are made available. - + + ***Original post is included below*** --- diff --git a/locale/en/blog/vulnerability/september-2016-security-releases.md b/locale/en/blog/vulnerability/september-2016-security-releases.md index 483b32ac1ed0e..a2dff446b64a2 100644 --- a/locale/en/blog/vulnerability/september-2016-security-releases.md +++ b/locale/en/blog/vulnerability/september-2016-security-releases.md @@ -102,7 +102,7 @@ Full disclosure of fixed vulnerabilities will be provided after all releases are The OpenSSL project has [announced](https://www.openssl.org/news/secadv/20160922.txt) the general availability of versions [1.0.2i](https://www.openssl.org/news/openssl-1.0.2-notes.html) (to be included in Node.js v4 and above) and [1.0.1u](https://www.openssl.org/news/openssl-1.0.1-notes.html) (to be included in Node.js v0.10 and v0.12). Our crypto team (Shigeki Ohtsu, Fedor Indutny, and Ben Noordhuis) have performed an analysis of the defects addressed in the OpenSSL releases to determine their impact on Node.js. The results of this analysis are included below. - + ### [CVE-2016-6304](https://www.openssl.org/news/vulnerabilities.html#2016-6304): OCSP Status Request extension unbounded memory growth @@ -112,7 +112,7 @@ This flaw is labelled _high_ severity due to the ease of use for a DoS attack an **Assessment**: All versions of Node.js are **affected** by this vulnerability. - + ### [CVE-2016-6305](https://www.openssl.org/news/vulnerabilities.html#2016-6305): SSL_peek() hang on empty record @@ -122,7 +122,7 @@ Node.js is not yet dependent on OpenSSL 1.1.0 so it is not impacted by this flaw **Assessment**: All versions of Node.js are believed to be **unaffected** by this vulnerability. - + ### [CVE-2016-2183](https://www.openssl.org/news/vulnerabilities.html#2016-2183): SWEET32 Mitigation 
@@ -132,7 +132,7 @@ As mitigation, OpenSSL has moved DES-based ciphers from the `HIGH` to `MEDIUM` g **Assessment**: All versions of Node.js are **affected** by this vulnerability. - + ### [CVE-2016-6303](https://www.openssl.org/news/vulnerabilities.html#2016-6303): OOB write in MDC2_Update() @@ -142,7 +142,7 @@ Node.js is impacted by this flaw but due to the impracticalities of exploiting i **Assessment**: All versions of Node.js are **affected** by this vulnerability. - + ### [CVE-2016-6302](https://www.openssl.org/news/vulnerabilities.html#2016-6302): Malformed SHA512 ticket DoS @@ -152,7 +152,7 @@ Node.js does not use SHA512 for session tickets and is therefore not impacted by **Assessment**: All versions of Node.js are believed to be **unaffected** by this vulnerability. - + ### [CVE-2016-2182](https://www.openssl.org/news/vulnerabilities.html#2016-2182): OOB write in BN_bn2dec() @@ -160,7 +160,7 @@ An out of bounds (OOB) write can occur in `BN_bn2dec()` if an application uses t **Assessment**: All versions of Node.js are believed to be **unaffected** by this vulnerability. - + ### [CVE-2016-2180](https://www.openssl.org/news/vulnerabilities.html#2016-2180): OOB read in TS_OBJ_print_bio() @@ -170,7 +170,7 @@ Node.js does not make use of the Time Stamp Authority functionality in OpenSSL a **Assessment**: All versions of Node.js are believed to be **unaffected** by this vulnerability. - + ### [CVE-2016-2177](https://www.openssl.org/news/vulnerabilities.html#2016-2177): Pointer arithmetic undefined behaviour @@ -180,7 +180,7 @@ It is unlikely that Node.js users are directly impacted by this. **Assessment**: All versions of Node.js are believed to be **unaffected** by this vulnerability. - + ### [CVE-2016-2178](https://www.openssl.org/news/vulnerabilities.html#2016-2178): Constant time flag not preserved in DSA signing 
@@ -190,7 +190,7 @@ This is _very low_ severity for Node.js users due to the difficulty in taking ad **Assessment**: All versions of Node.js are **affected** by this vulnerability. - + ### [CVE-2016-2179](https://www.openssl.org/news/vulnerabilities.html#2016-2179): DTLS buffered message DoS @@ -200,7 +200,7 @@ As Node.js does not support DTLS, users are not impacted by this flaw. **Assessment**: All versions of Node.js are believed to be **unaffected** by this vulnerability. - + ### [CVE-2016-2179](https://www.openssl.org/news/vulnerabilities.html#2016-2179): DTLS replay protection DoS @@ -210,7 +210,7 @@ As Node.js does not support DTLS, users are not impacted by this flaw. **Assessment**: All versions of Node.js are believed to be **unaffected** by this vulnerability. - + ### [CVE-2016-6306](https://www.openssl.org/news/vulnerabilities.html#2016-6306): Certificate message OOB reads @@ -220,7 +220,7 @@ Node.js is impacted by this _low_ severity flaw. **Assessment**: All versions of Node.js are **affected** by this vulnerability. - + ### [CVE-2016-6307](https://www.openssl.org/news/vulnerabilities.html#2016-6307): Excessive allocation of memory in tls_get_message_header() @@ -230,7 +230,7 @@ Node.js is not yet dependent on OpenSSL 1.1.0 so it is not impacted by this flaw **Assessment**: All versions of Node.js are believed to be **unaffected** by this vulnerability. - + ### [CVE-2016-6308](https://www.openssl.org/news/vulnerabilities.html#2016-6308): Excessive allocation of memory in dtls1_preprocess_fragment()
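Review bot: In september-2016-security-releases.md, the heading that closes the `@@ -200,7 +200,7 @@` hunk still reads `CVE-2016-2179 ... DTLS replay protection DoS` and links to `#2016-2179`. That is the same CVE number and URL fragment as the "DTLS buffered message DoS" heading that closes the `@@ -190,7 +190,7 @@` hunk. The commit message says a duplicate name (id) was fixed in this file, but two different sections still carry one CVE identifier in their visible text. Please check the second heading against the linked OpenSSL advisory and correct the number and link in this commit, so the anchor and the heading it sits above agree.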
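Review bot: The v0.10.0.md hunk (`@@ -317,7 +317,9 @@`) removes and re-adds the `## Growing Up` heading and grows by two lines, which is more than the attribute swap the commit message describes. Please say in the commit message what changed around that heading. Also confirm that existing inbound links to the section still resolve after the change.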
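Review bot: The diffstat covers only four files under `locale/en`, so any translated copies of these posts in other locale directories would keep the `name` attribute and the duplicate anchor from september-2016-security-releases.md. Please check the other locales and either include them here or note in the commit message that they are handled separately. Because `id` values must be unique within a document, a duplicate-id check in the Markdown or HTML lint step would stop a repeat of the duplicate fixed here.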