diff options
author | Rich Trott <rtrott@gmail.com> | 2018-10-25 12:13:10 -0700 |
---|---|---|
committer | Rich Trott <rtrott@gmail.com> | 2018-10-27 12:28:08 -0700 |
commit | 336651bad0368e1a4ea5597c9a0615764dba4d16 (patch) | |
tree | cd0d1828bfffd6185c87a8c46b6191151768f6ca /README.md | |
parent | c99026bdd72aedadd79a1252ac3c2b3cbb8d26e7 (diff) | |
download | android-node-v8-336651bad0368e1a4ea5597c9a0615764dba4d16.tar.gz android-node-v8-336651bad0368e1a4ea5597c9a0615764dba4d16.tar.bz2 android-node-v8-336651bad0368e1a4ea5597c9a0615764dba4d16.zip |
doc: simplify valid security issue descriptions
PR-URL: https://github.com/nodejs/node/pull/23881
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 9 |
1 files changed, 4 insertions, 5 deletions
@@ -182,9 +182,8 @@ nonetheless. ### Private disclosure preferred - [CVE-2016-7099](https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/): - _Fix invalid wildcard certificate validation check_. This is a high severity - defect that would allow a malicious TLS server to serve an invalid wildcard - certificate for its hostname and be improperly validated by a Node.js client. + _Fix invalid wildcard certificate validation check_. This was a high-severity + defect. It caused Node.js TLS clients to accept invalid wildcard certificates. - [#5507](https://github.com/nodejs/node/pull/5507): _Fix a defect that makes the CacheBleed Attack possible_. Many, though not all, OpenSSL vulnerabilities @@ -192,8 +191,8 @@ nonetheless. - [CVE-2016-2216](https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/): _Fix defects in HTTP header parsing for requests and responses that can allow - response splitting_. While the impact of this vulnerability is application and - network dependent, it is remotely exploitable in the HTTP protocol. + response splitting_. This was a remotely-exploitable defect in the Node.js + HTTP implementation. When in doubt, please do send us a report. |