Vulnerability in Node.js 0.11.x thru 0.12.5 – this issue is resolved as follows in Node.js version 0.12.6:
Fixed an out-of-band write in utf8 decoder. Impacts all Buffer to String conversions. This is an important security update as it can be used to cause a denial of service attack.
pkgsrc 2014Q4 and 2015Q1 have been updated with nodejs-0.12.6. Customers can upgrade as follows:
pkgin up pkgin upgrade nodejs