[Pkg-javascript-devel] Bug#760385: Fix for CVE-2014-5256

Jean Baptiste Favre debian at jbfavre.org
Sat Nov 15 20:28:43 UTC 2014


Hello Thomas,
Thanks for your update.

I decided to have a look at this bug because it seemed quite easy to fix
it: upstream patch was available and small enough for me.
Unfortunately, I'm sure I'll be able to deal with lib8-3.14. The more I
dig into, the less I understand (more or less) :)

I'll try anyway,
Regards,
Jean Baptiste

On 15/11/2014 20:44, Thomas Viehmann wrote:
> Hi Jean Baptiste,
>
> thank you for looking into this.
> Note that the changelog entries for nodejs 0.10.31 and .32 include
>   v8: backport CVE-2013-6668
>   v8: fix a crash introduced by previous release
> If libv8 in Debian is affected by those, you might also consider
> backporting those fixes when preparing a new v8 package.
>
> (Elsewhere in NodeJS .33 there is "crypto: Disable autonegotiation for
> SSLv2/3 by default", not sure whether the release team would let
> something like that through.)
>
> Best regards
>
> Thomas
