Package: node-concat-stream / 1.5.1-2

Metadata

Package: node-concat-stream
Version: 1.5.1-2
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
readable stream.patch

index.js | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 use nodejs stream module instead of readable-stream
 The nodejs Stream module is "stable" in nodejs v4.2.1 (LTS)
 so readable-stream is not required and will no longer be packaged.
to string_numbers.patch

index.js | 15 11 + 4 - 0 !
test/string.js | 13 12 + 1 - 0 !
2 files changed, 23 insertions(+), 5 deletions(-)

 to-string numbers written to the stream
 Node-concat-stream is vulnerable to Uninitialized Memory Exposure. This
 possible memory disclosure vulnerability exists when a value of type number
 is provided to the stringConcat() method and results in concatenation of
 uninitialized memory to the stream collection.
 This is a result of unobstructed use of the Buffer constructor, whose
 insecure default constructor increases the odds of memory leakage.
 See https://snyk.io/vuln/npm:concat-stream:20160901 for further details.
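
The failure mode named in the description above, and the to-string fix, as an added example that is not taken from the patch or from concat-stream itself. The function names are hypothetical, and `Buffer.allocUnsafe(n)` is an assumption standing in for the legacy `Buffer(n)` constructor, which on older Node.js releases returned n uninitialized bytes when given a number.

```javascript
'use strict';
// Illustrative sketch only: function names are hypothetical and this is not
// concat-stream's source. Buffer.allocUnsafe(n) stands in for what the legacy
// Buffer(n) constructor returned on older Node.js: n uninitialized bytes.
function legacyBuffer(value) {
  if (typeof value === 'number') return Buffer.allocUnsafe(value);
  return Buffer.from(value);
}

// Pre-patch shape: any chunk that is not a string or Buffer is handed to the
// Buffer constructor, so a number selects a size instead of supplying content.
function stringConcatUnsafe(parts) {
  let out = '';
  for (const p of parts) {
    if (typeof p === 'string') out += p;
    else if (Buffer.isBuffer(p)) out += p.toString('utf8');
    else out += legacyBuffer(p).toString('utf8');
  }
  return out;
}

// Hardened shape: a number is converted to its decimal string first, so it
// contributes its digits and never reaches a size-taking constructor.
function stringConcatSafe(parts) {
  let out = '';
  for (const p of parts) {
    if (typeof p === 'string') out += p;
    else if (Buffer.isBuffer(p)) out += p.toString('utf8');
    else if (typeof p === 'number') out += String(p);
    else out += Buffer.from(p).toString('utf8');
  }
  return out;
}

// Constructed input: a number written to the stream where text was expected.
const chunks = ['id=', 64, ';'];
console.log(JSON.stringify(stringConcatSafe(chunks)));
console.log(stringConcatUnsafe(chunks).length, 'characters from the unsafe path');
```

A regression test for this class of bug writes a number to the stream and asserts that the output equals the number's decimal string, nothing longer.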