[Pkg-javascript-devel] Bug#760385: Fix for CVE-2014-5256

Michael Gilbert mgilbert at debian.org
Sat Dec 20 10:06:47 UTC 2014


On Sat, Dec 20, 2014 at 4:59 AM, Balint Reczey wrote:
> Hi Mike,
>
> On Fri, 19 Dec 2014 21:11:10 -0500 Michael Gilbert
> wrote:
>> control: severity -1 important
>>
>> There is no security support for libv8 in jessie, so security issues aren't RC.
> Could you please add some links to explain that?
> I was about to fix this issue in an NMU after double-checking the fix.

Severity doesn't say anything about whether or not a bugs can be
fixed, so you can still do that.  Anyway it was decided recently on
the security team ml.

Best wishes,
Mike



More information about the Pkg-javascript-devel mailing list