UPDATE: 16:45 6-July-2015 UTC
Summary: Vulnerability in Node.js 0.11.x thru 0.12.5 -- this issue is resolved as follows in Node.js version 0.12.6:
"Fixed an out-of-band write in utf8 decoder. Impacts all Buffer to String conversions. This is an important security update as it can be used to cause a denial of service attack."
Status: pkgsrc 2014Q4 and 2015Q1 have been updated with nodejs-0.12.6. Customers can upgrade as follows:
pkgin upgrade nodejs
If you have any questions regarding this issue, please contact Joyent Support by creating a ticket at help.joyent.com or via email to firstname.lastname@example.org.