node/deps
Michael Dawson a81aa37944
deps: cherry-pick 0d252eb from upstream c-ares
Original commit message:

  If there are more ttls returned than the maximum provided by the requestor, then
  the *naddrttls response would be larger than the actual number of elements in
  the addrttls array.

  This bug could lead to invalid memory accesses in applications using c-ares.

  This behavior appeared to break with PR https://github.com/c-ares/c-ares/pull/257

  Fixes: https://github.com/c-ares/c-ares/issues/371
  Reported By: Momtchil Momtchev (@mmomtchev)
  Fix By: Brad House (@bradh352)

Refs: https://github.com/nodejs/node/issues/36063

Signed-off-by: Michael Dawson <mdawson@devrus.com>

CVE-ID: CVE-2020-8277
PR-URL: https://github.com/nodejs-private/node-private/pull/231
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
2020-11-16 17:09:10 +01:00
..
acorn deps: update acorn to v8.0.4 2020-10-27 03:26:56 +00:00
acorn-plugins deps: update acorn to v8.0.4 2020-10-27 03:26:56 +00:00
brotli
cares deps: cherry-pick 0d252eb from upstream c-ares 2020-11-16 17:09:10 +01:00
cjs-module-lexer deps: upgrade to cjs-module-lexer@1.0.0 2020-11-02 10:24:04 -08:00
histogram
icu-small
llhttp
nghttp2
nghttp3
ngtcp2
node-inspect
npm deps: upgrade npm to 7.0.11 2020-11-16 06:27:36 -08:00
openssl
uv
uvwasi
v8 deps: V8: cherry-pick 1d0f426311d4 2020-11-15 16:47:48 +01:00
zlib build: fix zlib inlining for IA-32 2020-11-09 12:35:42 -08:00