[Pkg-javascript-devel] Bug#773671: Bug#773671: libv8-3.14: multiple security issues

Moritz Mühlenhoff jmm at inutil.org
Mon Dec 29 21:04:31 UTC 2014


On Mon, Dec 29, 2014 at 12:28:30PM +0100, Bálint Réczey wrote:
> Hi Moritz,
> 
> 2014-12-29 3:01 GMT+01:00 Moritz Mühlenhoff <jmm at inutil.org>:
> > On Sun, Dec 21, 2014 at 03:19:42PM -0500, Michael Gilbert wrote:
> >> package: src:libv8-3.14
> >> severity: grave
> >> tags: security
> >>
> >> Hi,
> >>
> >> the following vulnerabilities were published for libv8-3.14.
> >
> > So if I'm understanding the discussion on debian-devel correctly
> > the libv8 maintainers want to see this treated as an RC-bug.
> > Please clarify your intentions, do you
> >
> > a) intend to fix these issues with patches and if that's not possible
> > remove libv8 along with its rev deps?
> >
> > b) want to keep this with RC severity and tag it jessie-ignore.
> > I would consider that rather broken since foo-ignore is used for
> > issues which are ignored for once, but which will be addressed
> > in release+1. I don't see the libv8 situation change upstream...
> The rationale behind opening the RC bugs was improving transparency on
> my side. I think more people follow bugs than the security tracker.

Ok. In the past we didn't file bugs on libv8 since they were unlikely
to be dealt with anyway. We'll file bugs for any future libv8 issues.

Cheers,
        Moritz


