[Pkg-javascript-devel] Bug#773671: Unfixed old CVEs should really be RC

Moritz Muehlenhoff jmm at inutil.org
Mon Apr 3 18:03:16 UTC 2017


On Tue, Feb 28, 2017 at 02:28:28PM +0200, Adrian Bunk wrote:
> Control: severity -1 serious
> 
> Dozens of unfixed CVEs, the oldest unfixed CVEs will be more than
> 4 years old when stretch gets released.
> 
> In the current state the package is really too buggy for shipping
> in a new stable release.

Note that nodejs will not be covered by security support in stretch (as it was
done for jessie already). We had initially considered it, but with
nodejs 6 not having made it into stretch, that's not realistic.

So these can be downgraded to non-RC (or if the release team thinks
nodejs should rather be removed from testing, removal is also an option
of course).

Cheers,
        Moritz


