[Pkg-javascript-devel] Bug#934885: Bug#934885: August 2019 security release
Jérémy Lal
kapouer at melix.org
Fri Aug 16 13:14:05 BST 2019
Le ven. 16 août 2019 à 10:03, Moritz Muehlenhoff <jmm at debian.org> a écrit :
> Package: nodejs
> Severity: grave
> Tags: security
>
> nodejs is affected by some of the recently announced HTTP2 issues:
>
> https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/
>
> https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
Hi,
i plan to:
- later today backport patches regarding http2 fixes to current version in
buster (10.15.2)
hopefully they don't depend on libnghttp2 1.39, which is not in available
in buster.
- upload latest 10.x version to unstable
- later fix and upload 12 to experimental
Jérémy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20190816/fc8259fe/attachment.html>
More information about the Pkg-javascript-devel
mailing list