Timing attack vulnerability was found in cookie-signature affecting versions <= 1.0.5. Upstream patch: https://github.com/tj/node-cookie-signature/commit/39791081692e9e14aa62855369e1c7f80fbfd50e External References: https://nodesecurity.io/advisories/134
Created nodejs-cookie-signature tracking bugs for this issue: Affects: fedora-all [bug 1379750] Affects: epel-all [bug 1379752]
*** This bug has been marked as a duplicate of bug 1371409 ***