Advisories » MGASA-2015-0454

Updated uglify-js packages fix security vulnerability

Publication date: 19 Nov 2015
Modification date: 07 Mar 2016
Type: security
Affected Mageia releases : 5

Description

The UglifyJS node module has a problem where the combination of
De Morgan's Law and non-boolean values can lead to a case where code is
incorrectly minified, which can lead to possibly malicious minified JS
code.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16643
• http://openwall.com/lists/oss-security/2015/08/24/5

SRPMS

5/core

• uglify-js-2.4.24-3.mga5
• nodejs-align-text-0.1.3-1.mga5
• nodejs-ansi-regex-2.0.0-1.mga5
• nodejs-camelcase-1.2.1-1.mga5
• nodejs-center-align-0.1.1-1.mga5
• nodejs-cliui-3.0.3-1.mga5
• nodejs-code-point-at-1.0.0-1.mga5
• nodejs-decamelize-1.0.0-1.mga5
• nodejs-invert-kv-1.0.0-1.mga5
• nodejs-is-buffer-1.1.0-1.mga5
• nodejs-is-fullwidth-code-point-1.0.0-1.mga5
• nodejs-kind-of-2.0.1-1.mga5
• nodejs-lcid-1.0.0-1.mga5
• nodejs-longest-1.0.1-1.mga5
• nodejs-minimist-1.2.0-1.mga5
• nodejs-number-is-nan-1.0.0-1.mga5
• nodejs-os-locale-1.4.0-1.mga5
• nodejs-repeat-string-1.5.2-1.mga5
• nodejs-right-align-0.1.3-1.mga5
• nodejs-source-map-0.5.1-1.1.mga5
• nodejs-string-width-1.0.1-6.mga5
• nodejs-strip-ansi-3.0.0-1.mga5
• nodejs-window-size-0.1.2-1.mga5
• nodejs-wrap-ansi-1.0.0-1.mga5
• nodejs-y18n-3.2.0-1.mga5
• nodejs-yargs-3.28.0-2.mga5