node/deps
Michael Dawson a81aa37944
deps: cherry-pick 0d252eb from upstream c-ares
Original commit message:

  If there are more ttls returned than the maximum provided by the requestor, then
  the *naddrttls response would be larger than the actual number of elements in
  the addrttls array.

  This bug could lead to invalid memory accesses in applications using c-ares.

  This behavior appeared to break with PR https://github.com/c-ares/c-ares/pull/257

  Fixes: https://github.com/c-ares/c-ares/issues/371
  Reported By: Momtchil Momtchev (@mmomtchev)
  Fix By: Brad House (@bradh352)

Refs: https://github.com/nodejs/node/issues/36063

Signed-off-by: Michael Dawson <mdawson@devrus.com>

CVE-ID: CVE-2020-8277
PR-URL: https://github.com/nodejs-private/node-private/pull/231
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
2020-11-16 17:09:10 +01:00
acorn deps: update acorn to v8.0.4 2020-10-27 03:26:56 +00:00
acorn-plugins deps: update acorn to v8.0.4 2020-10-27 03:26:56 +00:00
brotli deps: update brotli to v1.0.9 2020-08-29 01:56:35 +00:00
cares deps: cherry-pick 0d252eb from upstream c-ares 2020-11-16 17:09:10 +01:00
cjs-module-lexer deps: upgrade to cjs-module-lexer@1.0.0 2020-11-02 10:24:04 -08:00
histogram
icu-small
llhttp deps: update llhttp to 2.1.3 2020-10-04 08:17:10 +02:00
nghttp2
nghttp3
ngtcp2
node-inspect
npm deps: upgrade npm to 7.0.11 2020-11-16 06:27:36 -08:00
openssl deps: add openssl support for arm64 2020-08-25 10:54:43 -05:00
uv deps: upgrade to libuv 1.40.0 2020-09-27 01:30:31 +00:00
uvwasi deps: update to uvwasi 0.0.11 2020-09-11 05:46:06 -07:00
v8 deps: V8: cherry-pick 1d0f426311d4 2020-11-15 16:47:48 +01:00
zlib build: fix zlib inlining for IA-32 2020-11-09 12:35:42 -08:00