<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Le ven. 16 août 2019 à 10:03, Moritz Muehlenhoff <<a href="mailto:jmm@debian.org">jmm@debian.org</a>> a écrit :<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Package: nodejs<br>
Severity: grave<br>
Tags: security<br>
<br>
nodejs is affected by some of the recently announced HTTP2 issues:<br>
<br>
<a href="https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/" rel="noreferrer" target="_blank">https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/</a><br>
<a href="https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" rel="noreferrer" target="_blank">https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md</a></blockquote><div><br></div><div>Hi,</div><div><br></div><div>i plan to:</div><div>- later today backport patches regarding http2 fixes to current version in buster (10.15.2)</div><div>  hopefully they don't depend on libnghttp2 1.39, which is not in available in buster.</div><div>- upload latest 10.x version to unstable<br></div><div>- later fix and upload 12 to experimental</div><div><br></div><div>Jérémy</div><div><br></div></div></div>