nodejs: multiple issues

• CVE-2015-6764 (V8 out-of-bounds access vulnerability):

A bug was discovered in V8’s implementation of JSON.stringify() that can
result in out-of-bounds reads on arrays. The patch was included in this
week’s update of Chrome Stable. While this bug is high severity for
browsers, it is considered lower risk for Node.js users as it requires
the execution of third-party JavaScript within an application in order
to be exploitable.

Node.js users who expose services that process untrusted user-supplied
JavaScript are at obvious risk. However, we recommend that all users of
impacted versions of Node.js upgrade to the appropriate patched version
in order to protect against malicious third-party JavaScript that may be
executed within a Node.js process by other means.

• CVE-2015-8027 (denial of service):

This critical denial of service (DoS) vulnerability impacts all versions
of v0.12.x through to v5.x, inclusive. The vulnerability was discovered
by Node.js core team member Fedor Indutny and relates to HTTP
pipelining. Under certain conditions an HTTP socket may no longer have a
parser associated with it but a pipelined request can trigger a pause or
resume on the non-existent parser thereby causing an uncaughtException
to be thrown. As these conditions can be created by an external attacker
and cause a Node.js service to be shut down we consider this a critical
vulnerability. It is recommended that users of impacted versions of
Node.js exposing HTTP services upgrade to the appropriate patched
versions as soon as practical.