package: debian-security-support
x-debbugs-cc: debian-lts@lists.debian.org
On Wed, Jul 03, 2019 at 02:59:39PM +0200, Sylvain Beucler wrote:
> I just discovered this while triaging node-fstream:
> https://www.debian.org/releases/oldstable/amd64/release-notes/ch-information.en.html#libv8
> https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#libv8
>
> "Unfortunately, this means that libv8-3.14, nodejs, and the associated
> node-* package ecosystem should not currently be used with untrusted
> content, such as unsanitized data from the Internet.
> In addition, these packages will not receive any security updates during
> the lifetime of the Jessie release."
ouch.
> I'm surprised that `grep -ir node` doesn't find any match in the
> 'debian-security-support' repo.
> Did I miss something or is it something we should do?
see above & thanks! :)
--
tschau,
Holger
-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
Attachment:
signature.asc
Description: PGP signature