Updated uglify-js packages fix security vulnerability
Publication date: 19 Nov 2015Modification date: 07 Mar 2016
Type: security
Affected Mageia releases : 5
Description
The UglifyJS node module has a problem where the combination of De Morgan's Law and non-boolean values can lead to a case where code is incorrectly minified, which can lead to possibly malicious minified JS code.
References
SRPMS
5/core
- uglify-js-2.4.24-3.mga5
- nodejs-align-text-0.1.3-1.mga5
- nodejs-ansi-regex-2.0.0-1.mga5
- nodejs-camelcase-1.2.1-1.mga5
- nodejs-center-align-0.1.1-1.mga5
- nodejs-cliui-3.0.3-1.mga5
- nodejs-code-point-at-1.0.0-1.mga5
- nodejs-decamelize-1.0.0-1.mga5
- nodejs-invert-kv-1.0.0-1.mga5
- nodejs-is-buffer-1.1.0-1.mga5
- nodejs-is-fullwidth-code-point-1.0.0-1.mga5
- nodejs-kind-of-2.0.1-1.mga5
- nodejs-lcid-1.0.0-1.mga5
- nodejs-longest-1.0.1-1.mga5
- nodejs-minimist-1.2.0-1.mga5
- nodejs-number-is-nan-1.0.0-1.mga5
- nodejs-os-locale-1.4.0-1.mga5
- nodejs-repeat-string-1.5.2-1.mga5
- nodejs-right-align-0.1.3-1.mga5
- nodejs-source-map-0.5.1-1.1.mga5
- nodejs-string-width-1.0.1-6.mga5
- nodejs-strip-ansi-3.0.0-1.mga5
- nodejs-window-size-0.1.2-1.mga5
- nodejs-wrap-ansi-1.0.0-1.mga5
- nodejs-y18n-3.2.0-1.mga5
- nodejs-yargs-3.28.0-2.mga5