I meant "I'm *not* sure I'll be able to deal with lib8-3.14 Sorry, Jean Baptiste
On 15/11/2014 21:28, Jean Baptiste Favre wrote: > Hello Thomas, > Thanks for your update. > > I decided to have a look on this bug because it seemed quite easy to fix > it: upstream patch was available and small anough for me. > Unfortunatly, I'm sure I'll be able to deal with lib8-3.14. The more I > dig into, the less I understand (more or less) :) > > I'll try anyway, > Regards, > Jean Baptiste > > On 15/11/2014 20:44, Thomas Viehmann wrote: >> Hi Jean Baptiste, >> >> thank you for looking into this. >> Note that the changelog entries for nodejs 0.10.31 and .32 include >> v8: backport CVE-2013-6668 >> v8: fix a crash introduced by previous release >> If libv8 in Debian is affected by those, you might also consider also >> backporting those fixes when preparing a new v8 package. >> >> (Elsewhere in NodeJS .33 there is "crypto: Disable autonegotiation for >> SSLv2/3 by default", not sure whether the release team would let >> something like that through.) >> >> Best regards >> >> Thomas >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel