Bugzilla – Bug 988710
VUL-0: CVE-2016-1000022: nodejs-negotiator: Regular expression denial-of-service
Last modified: 2018-06-14 02:40:03 UTC
Courtesy bug from the SUSE security bug against devel:languages:nodejs/nodejs-negotiator
The header for "Accept-Language", when parsed by negotiator is vulnerable to Regular Expression Denial of Service via a specially crafted string.
devel:languages:nodejs/nodejs-negotiator is at 0.5.3, Fix is in 0.6.1
bugbot adjusting priority
reassigned to Adam. Now I'm busy reworking the nodejs-packaging codes so Adam please help with this (I think it's been disabled and it's not a Factory package...nothing we can do here).
Updated to 0.6.1 by sr#613943.