On Mon, Jan 26, 2015 at 7:58 AM, Bálint Réczey wrote:
> I have added the changes in git [1] and I plan uploading the fix this week.
> I will check the outstanding security issues for easily fixable ones
> and include the fixes in the same upload.

I went ahead with an nmu since it's been a few weeks without an upload.

Best wishes,
Mike
diff -Nru libv8-3.14-3.14.5.8/debian/changelog libv8-3.14-3.14.5.8/debian/changelog
--- libv8-3.14-3.14.5.8/debian/changelog	2014-05-06 19:35:22.000000000 +0000
+++ libv8-3.14-3.14.5.8/debian/changelog	2015-02-13 06:02:28.000000000 +0000
@@ -1,3 +1,11 @@
+libv8-3.14 (3.14.5.8-8.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Add README.Debian.security documenting the lack of security support for
+    this package for jessie (closes: #775715).
+
+ -- Michael Gilbert <mgilb...@debian.org>  Fri, 13 Feb 2015 05:59:08 +0000
+
 libv8-3.14 (3.14.5.8-8) unstable; urgency=medium
 
   * Add 0004_hurd.patch, add Architecture: hurd-i386.
diff -Nru libv8-3.14-3.14.5.8/debian/libv8-3.14.5.docs libv8-3.14-3.14.5.8/debian/libv8-3.14.5.docs
--- libv8-3.14-3.14.5.8/debian/libv8-3.14.5.docs	1970-01-01 00:00:00.000000000 +0000
+++ libv8-3.14-3.14.5.8/debian/libv8-3.14.5.docs	2015-02-13 05:58:55.000000000 +0000
@@ -0,0 +1 @@
+debian/README.Debian.security
diff -Nru libv8-3.14-3.14.5.8/debian/README.Debian.security libv8-3.14-3.14.5.8/debian/README.Debian.security
--- libv8-3.14-3.14.5.8/debian/README.Debian.security	1970-01-01 00:00:00.000000000 +0000
+++ libv8-3.14-3.14.5.8/debian/README.Debian.security	2015-02-13 05:58:55.000000000 +0000
@@ -0,0 +1,17 @@
+The security team has decided that this package will not receive
+security support for Jessie which makes the package suitable only
+for trusted content. 
+
+The decision has been made due to the amount of already outstanding
+known vulnerabilities [1] and the maintainer team's forecasted lack of
+manpower to deal with new and existing security problems.
+
+Providing security support for the package is not impossible but
+requires people who can back-port and review security related fixes
+from upstream's source code repository. If you would like to see full
+security support for libv8 [2] in Jessie+1, please consider joining the
+maintainer team or help them in other ways.
+
+
+[1] https://security-tracker.debian.org/tracker/source-package/libv8
+[2] https://packages.qa.debian.org/libv/libv8-3.14.html
\ No newline at end of file
_______________________________________________
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

Reply via email to