Hi all, On Sa 26 Okt 2013 10:26:18 CEST, Mike Gabriel wrote:
Hi Alex ----- Original message -----On Sat, 26 Oct 2013, Jan Wagner wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi Mike, > > Am 25.10.13 10:58, schrieb Mike Gabriel: > > Planned security updates: nodejs 0.10.21 (because of > > CVE-2013-4450) immediately once it has hit testing. > > you know there are exceptions for security fixes? > > http://backports.debian.org/Contribute/: > > "To guarantee an upgrade path from stable+backports to the next > stable, the package should be in testing.. Of course there are some > exceptions: Security updates. If your package had a security update > you can upload a new backport even if its not yet in testing." Indeed, but node.js is not in backports yes, so there is no exception.Yes, nodejs is in backports since yesterday. I will prepare the security update to 0.10.21 on Monday at the latest.
I have just uploaded nodejs 0.10.21~dfsg1-1 to wheezy-bpo. This is a security upload.
""" CVE-2013-4450The HTTP server in Node.js 0.10.x before 0.10.21 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response.
""" Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
Attachment:
binBIJpQ43ndA.bin
Description: =?utf-8?b?w5ZmZmVudGxpY2hlciA=?= =?utf-8?b?UEdQLVNjaGzDvHNzZWw=?=
Attachment:
pgpoMvLG4S8Ih.pgp
Description: Digitale PGP-Signatur