I meant "I'm *not* sure I'll be able to deal with lib8-3.14

Jean Baptiste

On 15/11/2014 21:28, Jean Baptiste Favre wrote:
> Hello Thomas,
> Thanks for your update.
> I decided to have a look on this bug because it seemed quite easy to fix
> it: upstream patch was available and small anough for me.
> Unfortunatly, I'm sure I'll be able to deal with lib8-3.14. The more I
> dig into, the less I understand (more or less) :)
> I'll try anyway,
> Regards,
> Jean Baptiste
> On 15/11/2014 20:44, Thomas Viehmann wrote:
>> Hi Jean Baptiste,
>> thank you for looking into this.
>> Note that the changelog entries for nodejs 0.10.31 and .32 include
>>   v8: backport CVE-2013-6668
>>   v8: fix a crash introduced by previous release
>> If libv8 in Debian is affected by those, you might also consider also
>> backporting those fixes when preparing a new v8 package.
>> (Elsewhere in NodeJS .33 there is "crypto: Disable autonegotiation for
>> SSLv2/3 by default", not sure whether the release team would let
>> something like that through.)
>> Best regards
>> Thomas

Attachment: signature.asc
Description: OpenPGP digital signature

Pkg-javascript-devel mailing list

Reply via email to