[Pkg-javascript-devel] Bug#760385: Fix for CVE-2014-5256
Thomas Viehmann
tv at beamnet.de
Sat Nov 15 19:44:22 UTC 2014
Hi Jean Baptiste,
thank you for looking into this.
Note that the changelog entries for nodejs 0.10.31 and .32 include
v8: backport CVE-2013-6668
v8: fix a crash introduced by previous release
If libv8 in Debian is affected by those, you might also consider also
backporting those fixes when preparing a new v8 package.
(Elsewhere in NodeJS .33 there is "crypto: Disable autonegotiation for
SSLv2/3 by default", not sure whether the release team would let
something like that through.)
Best regards
Thomas
More information about the Pkg-javascript-devel
mailing list