-3.14 (3.14.5.8-8.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Add README.Debian.security documenting the lack of security support for
+this package for jessie (closes: #775715).
+
+ -- Michael Gilbert mgilb...@debian.org Fri, 13 Feb 2015 05:59:08 +
+
libv8-3.14 (3.14.5.8
package: libv8-3.14
version: 3.14.5.8-8
severity: grave
tags: security
Hi, the security team has decided that this package will not receive
security support for jessie. This has already been documented in the
debian-security-support package for about two months:
libv8-3.14 Not covered by
On Sun, Dec 21, 2014 at 5:31 AM, Jérémy Lal wrote:
Le samedi 20 décembre 2014 à 22:07 -0500, Michael Gilbert a écrit :
package: src:nodejs
CVE-2014-7192[0],[1]:
| Eval injection vulnerability in index.js in the syntax-error package
| before 1.1.1 for Node.js 0.10.x, as used in IBM Rational
package: src:libv8-3.14
severity: grave
tags: security
Hi,
the following vulnerabilities were published for libv8-3.14.
CVE-2013-2632[0]:
| Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3,
| allows remote attackers to cause a denial of service (application
| crash) or
On Sat, Dec 20, 2014 at 4:59 AM, Balint Reczey wrote:
Hi Mike,
On Fri, 19 Dec 2014 21:11:10 -0500 Michael Gilbert
wrote:
control: severity -1 important
There is no security support for libv8 in jessie, so security issues aren't
RC.
Could you please add some links to explain that?
I
On Sat, Dec 20, 2014 at 6:15 AM, Adam D. Barratt wrote:
On Sat, 2014-12-20 at 11:48 +0100, Jonas Smedegaard wrote:
[sent again, cc correct list address this time]
Quoting Michael Gilbert (2014-12-20 11:06:47)
On Sat, Dec 20, 2014 at 4:59 AM, Balint Reczey wrote:
On Fri, 19 Dec 2014 21:11
package: src:nodejs
severity: important
tags: security
Hi,
the following vulnerability was published for nodejs.
CVE-2014-7192[0],[1]:
| Eval injection vulnerability in index.js in the syntax-error package
| before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application
| Developer and
control: severity -1 important
There is no security support for libv8 in jessie, so security issues aren't RC.
Best wishes,
Mike
___
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
On Mon, Mar 4, 2013 at 10:39 AM, Moritz Muehlenhoff wrote:
Package: libv8
Severity: grave
Tags: security
Justification: user security hole
The previous Chrome release fixed two security issues in libv8:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5153
control: reopen -1
* Several of the .swf files are now built from source and the rest have
been removed from the package. (Closes: #591199)
This seems to be incorrect about 2.9.0-1. The following pre-built swf
files still exist in the upstream tarball.
./examples/storage/swfstore.swf
10 matches
Mail list logo