Back to bug 1379921
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Martin Prpič | 2016-09-28 06:36:02 UTC | Blocks | 1346916 | |
| Martin Prpič | 2016-09-28 06:36:32 UTC | Depends On | 1379922 | |
| Tomas Hoger | 2016-09-28 12:27:00 UTC | Fixed In Version | nodejs 6.7.0, nodejs 4.6.0, nodejs 0.12.16, nodejs 0.10.47, | nodejs 6.7.0, nodejs 4.6.0, nodejs 0.12.16, nodejs 0.10.47 |
| Norman Sardella | 2016-09-30 12:54:46 UTC | CC | sardella | |
| Cedric Buissart | 2016-10-07 13:05:42 UTC | Whiteboard | impact=important,public=20160928,reported=20160928,source=internet,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N,rhscl-2/nodejs010-nodejs=notaffected,rhscl-2/rh-nodejs4-nodejs=affected,openshift-enterprise-2/nodejs010-nodejs=notaffected,openshift-enterprise-3/nodejs=notaffected,openstack-7-optools/nodejs=notaffected,openstack-9-optools/nodejs=notaffected,openstack-10-optools/nodejs=affected,openshift-1/nodejs=notaffected,fedora-all/nodejs=affected,epel-all/nodejs=notaffected | impact=important,public=20160928,reported=20160928,source=internet,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N,rhscl-2/nodejs010-nodejs=affected,rhscl-2/rh-nodejs4-nodejs=affected,openshift-enterprise-2/nodejs010-nodejs=affected,openshift-enterprise-3/nodejs=affected,openstack-7-optools/nodejs=affected,openstack-9-optools/nodejs=affected,openstack-10-optools/nodejs=affected,openshift-1/nodejs=affected,fedora-all/nodejs=affected,epel-all/nodejs=affected |
| Cedric Buissart | 2016-11-01 09:31:14 UTC | Whiteboard | impact=important,public=20160928,reported=20160928,source=internet,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N,rhscl-2/nodejs010-nodejs=affected,rhscl-2/rh-nodejs4-nodejs=affected,openshift-enterprise-2/nodejs010-nodejs=affected,openshift-enterprise-3/nodejs=affected,openstack-7-optools/nodejs=affected,openstack-9-optools/nodejs=affected,openstack-10-optools/nodejs=affected,openshift-1/nodejs=affected,fedora-all/nodejs=affected,epel-all/nodejs=affected | impact=important,public=20160928,reported=20160928,source=internet,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N,rhscl-2/nodejs010-nodejs=affected,rhscl-2/rh-nodejs4-nodejs=affected,openshift-enterprise-2/nodejs010-nodejs=wontfix,openshift-enterprise-3/nodejs=affected,openstack-7-optools/nodejs=affected,openstack-9-optools/nodejs=affected,openstack-10-optools/nodejs=affected,openshift-1/nodejs=affected,fedora-all/nodejs=affected,epel-all/nodejs=affected |
| Cedric Buissart | 2016-11-01 09:31:59 UTC | Whiteboard | impact=important,public=20160928,reported=20160928,source=internet,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N,rhscl-2/nodejs010-nodejs=affected,rhscl-2/rh-nodejs4-nodejs=affected,openshift-enterprise-2/nodejs010-nodejs=wontfix,openshift-enterprise-3/nodejs=affected,openstack-7-optools/nodejs=affected,openstack-9-optools/nodejs=affected,openstack-10-optools/nodejs=affected,openshift-1/nodejs=affected,fedora-all/nodejs=affected,epel-all/nodejs=affected | impact=important,public=20160928,reported=20160928,source=internet,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N,rhscl-2/nodejs010-nodejs=affected,rhscl-2/rh-nodejs4-nodejs=affected,openshift-enterprise-2/nodejs010-nodejs=wontfix,openshift-enterprise-3/nodejs=affected,openstack-7-optools/nodejs=affected,openstack-9-optools/nodejs=affected,openstack-10-optools/nodejs=affected,openshift-1/nodejs=wontfix,fedora-all/nodejs=affected,epel-all/nodejs=affected |
| Cedric Buissart | 2016-11-04 14:41:48 UTC | CC | cbuissar | |
| Cedric Buissart | 2016-11-07 16:32:00 UTC | Doc Text | It was found that nodejs' checkServerIdentity() function did not properly validate server certificates containing wildcards. A malicious TLS server could use this flaw to get a specially crafted certificate to be accepted by a node.js client | |
| Cedric Buissart | 2016-11-08 13:18:34 UTC | Depends On | 1392912 | |
| Cedric Buissart | 2016-11-08 13:18:40 UTC | Depends On | 1392913 | |
| Cedric Buissart | 2016-11-08 13:18:47 UTC | Depends On | 1392914 | |
| Cedric Buissart | 2016-11-08 13:18:53 UTC | Depends On | 1392915 | |
| Cedric Buissart | 2016-11-08 14:09:35 UTC | Whiteboard | impact=important,public=20160928,reported=20160928,source=internet,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N,rhscl-2/nodejs010-nodejs=affected,rhscl-2/rh-nodejs4-nodejs=affected,openshift-enterprise-2/nodejs010-nodejs=wontfix,openshift-enterprise-3/nodejs=affected,openstack-7-optools/nodejs=affected,openstack-9-optools/nodejs=affected,openstack-10-optools/nodejs=affected,openshift-1/nodejs=wontfix,fedora-all/nodejs=affected,epel-all/nodejs=affected | impact=important,public=20160928,reported=20160928,source=internet,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N,rhscl-2/nodejs010-nodejs=wontfix,rhscl-2/rh-nodejs4-nodejs=affected,openshift-enterprise-2/nodejs010-nodejs=wontfix,openshift-enterprise-3/nodejs=affected,openstack-7-optools/nodejs=affected,openstack-9-optools/nodejs=affected,openstack-10-optools/nodejs=affected,openshift-1/nodejs=wontfix,fedora-all/nodejs=affected,epel-all/nodejs=affected |
| Eric Christensen | 2016-11-08 16:14:49 UTC | Doc Text | It was found that nodejs' checkServerIdentity() function did not properly validate server certificates containing wildcards. A malicious TLS server could use this flaw to get a specially crafted certificate to be accepted by a node.js client | It was found that node.js' checkServerIdentity() function did not properly validate server certificates containing wildcards. A malicious TLS server could use this flaw to get a specially crafted certificate to be accepted by a node.js client. |
| Cedric Buissart | 2016-11-11 10:47:21 UTC | Doc Text | It was found that node.js' checkServerIdentity() function did not properly validate server certificates containing wildcards. A malicious TLS server could use this flaw to get a specially crafted certificate to be accepted by a node.js client. | It was found that node.js' tls.checkServerIdentity() function did not properly validate server certificates containing wildcards. A malicious TLS server could use this flaw to get a specially crafted certificate to be accepted by a node.js client. |
| Jason Shepherd | 2016-11-14 01:48:35 UTC | Blocks | 1394602 | |
| Jason Shepherd | 2016-11-14 05:23:27 UTC | Whiteboard | impact=important,public=20160928,reported=20160928,source=internet,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N,rhscl-2/nodejs010-nodejs=wontfix,rhscl-2/rh-nodejs4-nodejs=affected,openshift-enterprise-2/nodejs010-nodejs=wontfix,openshift-enterprise-3/nodejs=affected,openstack-7-optools/nodejs=affected,openstack-9-optools/nodejs=affected,openstack-10-optools/nodejs=affected,openshift-1/nodejs=wontfix,fedora-all/nodejs=affected,epel-all/nodejs=affected | impact=important,public=20160928,reported=20160928,source=internet,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N,rhscl-2/nodejs010-nodejs=wontfix,rhscl-2/rh-nodejs4-nodejs=affected,openshift-enterprise-2/nodejs010-nodejs=wontfix,openshift-enterprise-3/nodejs=affected,openstack-7-optools/nodejs=affected,openstack-9-optools/nodejs=affected,openstack-10-optools/nodejs=affected,openshift-1/nodejs=wontfix,fedora-all/nodejs=affected,epel-all/nodejs=affected,rhmap-4/nodejs=notaffected |
| Jason Shepherd | 2016-11-14 05:23:45 UTC | CC | avibelli, coneill, gsterlin, jbalunas, jshepherd, rrajasek, tjay, tkirby | |
| Cedric Buissart | 2016-11-29 09:56:26 UTC | Depends On | 1399557 | |
| Tomas Hoger | 2016-12-16 21:53:55 UTC | Doc Text | It was found that node.js' tls.checkServerIdentity() function did not properly validate server certificates containing wildcards. A malicious TLS server could use this flaw to get a specially crafted certificate to be accepted by a node.js client. | It was found that Node.js' tls.checkServerIdentity() function did not properly validate server certificates containing wildcards. A malicious TLS server could use this flaw to get a specially crafted certificate accepted by a Node.js TLS client. |
| Cedric Buissart | 2017-01-31 10:07:43 UTC | Whiteboard | impact=important,public=20160928,reported=20160928,source=internet,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N,rhscl-2/nodejs010-nodejs=wontfix,rhscl-2/rh-nodejs4-nodejs=affected,openshift-enterprise-2/nodejs010-nodejs=wontfix,openshift-enterprise-3/nodejs=affected,openstack-7-optools/nodejs=affected,openstack-9-optools/nodejs=affected,openstack-10-optools/nodejs=affected,openshift-1/nodejs=wontfix,fedora-all/nodejs=affected,epel-all/nodejs=affected,rhmap-4/nodejs=notaffected | impact=important,public=20160928,reported=20160928,source=internet,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N,rhscl-2/nodejs010-nodejs=wontfix,rhscl-2/rh-nodejs4-nodejs=affected,openshift-enterprise-2/nodejs010-nodejs=wontfix,openshift-enterprise-3/nodejs=affected,openstack-7-optools/nodejs=affected,openstack-9-optools/nodejs=affected,openstack-10-optools/nodejs=affected,openshift-1/nodejs=affected,fedora-all/nodejs=affected,epel-all/nodejs=affected,rhmap-4/nodejs=notaffected |
| Cedric Buissart | 2017-01-31 10:20:59 UTC | Depends On | 1417856 | |
| Cedric Buissart | 2017-01-31 14:00:20 UTC | Depends On | 1417957 | |
| Cedric Buissart | 2017-01-31 14:00:30 UTC | Depends On | 1417958 | |
| Cedric Buissart | 2017-01-31 15:14:49 UTC | Whiteboard | impact=important,public=20160928,reported=20160928,source=internet,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N,rhscl-2/nodejs010-nodejs=wontfix,rhscl-2/rh-nodejs4-nodejs=affected,openshift-enterprise-2/nodejs010-nodejs=wontfix,openshift-enterprise-3/nodejs=affected,openstack-7-optools/nodejs=affected,openstack-9-optools/nodejs=affected,openstack-10-optools/nodejs=affected,openshift-1/nodejs=affected,fedora-all/nodejs=affected,epel-all/nodejs=affected,rhmap-4/nodejs=notaffected | impact=important,public=20160928,reported=20160928,source=internet,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N,rhscl-2/nodejs010-nodejs=wontfix,rhscl-2/rh-nodejs4-nodejs=affected,openshift-enterprise-2/nodejs010-nodejs=wontfix,openshift-enterprise-3/nodejs=affected,openstack-7-optools/nodejs=affected,openstack-9-optools/nodejs=affected,openshift-1/nodejs=affected,fedora-all/nodejs=affected,epel-all/nodejs=affected,rhmap-4/nodejs=notaffected |
| Tim Suter | 2017-02-14 00:28:43 UTC | Whiteboard | impact=important,public=20160928,reported=20160928,source=internet,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N,rhscl-2/nodejs010-nodejs=wontfix,rhscl-2/rh-nodejs4-nodejs=affected,openshift-enterprise-2/nodejs010-nodejs=wontfix,openshift-enterprise-3/nodejs=affected,openstack-7-optools/nodejs=affected,openstack-9-optools/nodejs=affected,openshift-1/nodejs=affected,fedora-all/nodejs=affected,epel-all/nodejs=affected,rhmap-4/nodejs=notaffected | impact=important,public=20160928,reported=20160928,source=internet,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N,rhscl-2/nodejs010-nodejs=wontfix,rhscl-2/rh-nodejs4-nodejs=affected,openshift-enterprise-2/nodejs010-nodejs=wontfix,openshift-enterprise-3/nodejs=affected,openshift-1/nodejs=affected,fedora-all/nodejs=affected,epel-all/nodejs=affected,rhmap-4/nodejs=notaffected |
| Kurt Seifried | 2017-07-12 15:29:19 UTC | Depends On | 1470254, 1470252, 1470255, 1470253 | |
| Adam Young | 2017-10-18 18:53:14 UTC | CC | ayoung | |
| PnT Account Manager | 2018-01-30 03:14:15 UTC | CC | coneill | |
| PnT Account Manager | 2018-01-31 00:03:36 UTC | CC | aortega | |
| Jason Shepherd | 2018-04-03 03:49:47 UTC | CC | ahardin, dbaker, mchappel | |
| Whiteboard | impact=important,public=20160928,reported=20160928,source=internet,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N,rhscl-2/nodejs010-nodejs=wontfix,rhscl-2/rh-nodejs4-nodejs=affected,openshift-enterprise-2/nodejs010-nodejs=wontfix,openshift-enterprise-3/nodejs=affected,openshift-1/nodejs=affected,fedora-all/nodejs=affected,epel-all/nodejs=affected,rhmap-4/nodejs=notaffected | impact=important,public=20160928,reported=20160928,source=internet,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N,rhscl-2/nodejs010-nodejs=wontfix,rhscl-2/rh-nodejs4-nodejs=affected,openshift-enterprise-2/nodejs010-nodejs=wontfix,openshift-enterprise-3/nodejs=notaffected,openshift-1/nodejs=affected,fedora-all/nodejs=affected,epel-all/nodejs=affected,rhmap-4/nodejs=notaffected | ||
| PnT Account Manager | 2018-06-29 22:15:06 UTC | CC | kseifried | |
| Piotr Popieluch | 2018-07-30 10:28:10 UTC | CC | piotr1212 | |
| PnT Account Manager | 2019-04-22 21:31:19 UTC | CC | tjay | |
| Product Security DevOps Team | 2019-06-08 02:59:10 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2019-06-08 02:59:10 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:57:05 UTC | Whiteboard | impact=important,public=20160928,reported=20160928,source=internet,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,cvss3=7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N,rhscl-2/nodejs010-nodejs=wontfix,rhscl-2/rh-nodejs4-nodejs=affected,openshift-enterprise-2/nodejs010-nodejs=wontfix,openshift-enterprise-3/nodejs=notaffected,openshift-1/nodejs=affected,fedora-all/nodejs=affected,epel-all/nodejs=affected,rhmap-4/nodejs=notaffected | |
| Jamie Nguyen | 2020-11-05 10:32:50 UTC | CC | jamielinux |
Back to bug 1379921