From 6d9ee4b1843868850d950c037bbf696f72170c0c Mon Sep 17 00:00:00 2001
From: isaacs <i@izs.me>
Date: Wed, 9 Jan 2013 17:21:16 -0800
Subject: [PATCH] blog: Add security notice to v0.8.17 post

---
 doc/blog/release/v0.8.17.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/doc/blog/release/v0.8.17.md b/doc/blog/release/v0.8.17.md
index abd61ac..a1efb50 100644
--- a/doc/blog/release/v0.8.17.md
+++ b/doc/blog/release/v0.8.17.md
@@ -4,6 +4,18 @@ slug: node-v0-8-17-stable
 category: release
 version: 0.8.17
 
+This release addresses a potential security vulnerability.
+
+If you do not use TypedArrays, then you're fine (but should still
+upgrade for other reasons, like better performance and npm
+peerDependencies.)
+
+If you use TypedArrays, you should upgrade to v0.8.17 as soon as
+possible.  If user input can affect the size parameter in a
+TypedArray, an integer overflow vulnerability could allow an attacker
+to write to areas of memory outside the intended buffer.  Please
+upgrade ASAP.
+
 2012.01.09, Version 0.8.17 (Stable)
 
 * npm: Upgrade to v1.2.0
-- 
2.7.4