Cookie-signature is a library for signing cookies. Versions before 1.0.4 were vulnerable to timing attacks. External References: https://nodesecurity.io/advisories/134 Upstream fix: https://github.com/tj/node-cookie-signature/commit/39791081692e9e14aa62855369e1c7f80fbfd50e
Created nodejs-cookie-signature tracking bugs for this issue: Affects: fedora-all [bug 1371410] Affects: epel-all [bug 1371411]
DWF assignment: https://github.com/distributedweaknessfiling/DWF-Database/commit/2d8e72d5449dd1a1f8b89e365e326a0356e38fb0
*** Bug 1379747 has been marked as a duplicate of this bug. ***