Le ven. 16 août 2019 à 10:03, Moritz Muehlenhoff <[email protected]> a écrit :
> Package: nodejs > Severity: grave > Tags: security > > nodejs is affected by some of the recently announced HTTP2 issues: > > https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/ > > https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md Hi, i plan to: - later today backport patches regarding http2 fixes to current version in buster (10.15.2) hopefully they don't depend on libnghttp2 1.39, which is not in available in buster. - upload latest 10.x version to unstable - later fix and upload 12 to experimental Jérémy
