lukechilds/node - node - Gitea: Git with a cup of tea

Author	SHA1	Message	Date
jkummerow@chromium.org	39e2426b20	v8: backport fix for CVE-2013-{6639\|6640} Quoting CVE-2013-6639: The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index. Quoting CVE-2013-6640: The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index. Like 6b92a7, this is unlikely to affect node.js because it only runs local, trusted code. However, if there exists some module somewhere that populates an array index with remotely provided data this could very well be used to crash a remote server running node. Defense in depth and all. This is a backport of upstream commit r17801. Original commit log: Limit size of dehoistable array indices LOG=Y BUG=chromium:319835,chromium:319860 R=dslomov@chromium.org Review URL: https://codereview.chromium.org/74113002	11 years ago
isaacs	81c278d58d	V8: Upgrade to 3.14.5.8	12 years ago
isaacs	4b64542fe0	Upgrade V8 to 3.9.24.6	13 years ago
Ryan Dahl	60040a4f36	Upgrade V8 to 3.8.6	13 years ago
Ryan Dahl	c8b6ef248e	upgrade v8 to 2.0.3	15 years ago
Ryan Dahl	50f45d14b4	Upgrade v8 to 1.3.17	15 years ago
Ryan	3a41367c40	Upgrade v8 to version 1.2.3.	16 years ago
Ryan	40c0f755c9	import full versions of dependency libraries!	16 years ago