Hi,

I just discovered this while triaging node-fstream:
https://www.debian.org/releases/oldstable/amd64/release-notes/ch-information.en.html#libv8
https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#libv8

"Unfortunately, this means that libv8-3.14, nodejs, and the associated
node-* package ecosystem should not currently be used with untrusted
content, such as unsanitized data from the Internet.
In addition, these packages will not receive any security updates during
the lifetime of the Jessie release."

I'm surprised that `grep -ir node` doesn't find any match in the
'debian-security-support' repo.
Did I miss something or is it something we should do?

Cheers!
Sylvain

Reply via email to