[Pkg-javascript-devel] Bug#775715: Bug#775715: libv8-3.14: limiting security support

-3.14 (3.14.5.8-8.1) unstable; urgency=medium + + * Non-maintainer upload. + * Add README.Debian.security documenting the lack of security support for +this package for jessie (closes: #775715). + + -- Michael Gilbert mgilb...@debian.org Fri, 13 Feb 2015 05:59:08 + + libv8-3.14 (3.14.5.8

[Pkg-javascript-devel] Bug#775715: libv8-3.14: limiting security support

package: libv8-3.14 version: 3.14.5.8-8 severity: grave tags: security Hi, the security team has decided that this package will not receive security support for jessie. This has already been documented in the debian-security-support package for about two months: libv8-3.14 Not covered by

[Pkg-javascript-devel] Bug#773623: nodejs: CVE-2014-7192

On Sun, Dec 21, 2014 at 5:31 AM, Jérémy Lal wrote: Le samedi 20 décembre 2014 à 22:07 -0500, Michael Gilbert a écrit : package: src:nodejs CVE-2014-7192[0],[1]: | Eval injection vulnerability in index.js in the syntax-error package | before 1.1.1 for Node.js 0.10.x, as used in IBM Rational

[Pkg-javascript-devel] Bug#773671: libv8-3.14: multiple security issues

package: src:libv8-3.14 severity: grave tags: security Hi, the following vulnerabilities were published for libv8-3.14. CVE-2013-2632[0]: | Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, | allows remote attackers to cause a denial of service (application | crash) or

[Pkg-javascript-devel] Bug#760385: Fix for CVE-2014-5256

On Sat, Dec 20, 2014 at 4:59 AM, Balint Reczey wrote: Hi Mike, On Fri, 19 Dec 2014 21:11:10 -0500 Michael Gilbert wrote: control: severity -1 important There is no security support for libv8 in jessie, so security issues aren't RC. Could you please add some links to explain that? I

[Pkg-javascript-devel] Bug#760385: lowering severity of bugs not tracked by release team

On Sat, Dec 20, 2014 at 6:15 AM, Adam D. Barratt wrote: On Sat, 2014-12-20 at 11:48 +0100, Jonas Smedegaard wrote: [sent again, cc correct list address this time] Quoting Michael Gilbert (2014-12-20 11:06:47) On Sat, Dec 20, 2014 at 4:59 AM, Balint Reczey wrote: On Fri, 19 Dec 2014 21:11

[Pkg-javascript-devel] Bug#773623: nodejs: CVE-2014-7192

package: src:nodejs severity: important tags: security Hi, the following vulnerability was published for nodejs. CVE-2014-7192[0],[1]: | Eval injection vulnerability in index.js in the syntax-error package | before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application | Developer and

[Pkg-javascript-devel] Bug#760385: Fix for CVE-2014-5256

control: severity -1 important There is no security support for libv8 in jessie, so security issues aren't RC. Best wishes, Mike ___ Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org

[Pkg-javascript-devel] Bug#702261: libv8: CVE-2012-5153 CVE-2013-0836

On Mon, Mar 4, 2013 at 10:39 AM, Moritz Muehlenhoff wrote: Package: libv8 Severity: grave Tags: security Justification: user security hole The previous Chrome release fixed two security issues in libv8: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5153

[Pkg-javascript-devel] Bug#591199: yui: does not build swf files from source

control: reopen -1 * Several of the .swf files are now built from source and the rest have been removed from the package. (Closes: #591199) This seems to be incorrect about 2.9.0-1. The following pre-built swf files still exist in the upstream tarball. ./examples/storage/swfstore.swf