Reference nodejs in debian-security-support?

To: debian-lts@lists.debian.org
Subject: Reference nodejs in debian-security-support?
From: Sylvain Beucler <beuc@beuc.net>
Date: Wed, 3 Jul 2019 14:59:39 +0200
Message-id: <[🔎] 1dd5d573-b4b9-b422-81bb-d955f9af3259@beuc.net>

Hi,

I just discovered this while triaging node-fstream:
https://www.debian.org/releases/oldstable/amd64/release-notes/ch-information.en.html#libv8
https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#libv8

"Unfortunately, this means that libv8-3.14, nodejs, and the associated
node-* package ecosystem should not currently be used with untrusted
content, such as unsanitized data from the Internet.
In addition, these packages will not receive any security updates during
the lifetime of the Jessie release."

I'm surprised that `grep -ir node` doesn't find any match in the
'debian-security-support' repo.
Did I miss something or is it something we should do?

Cheers!
Sylvain

Reply to:

Follow-Ups:
- Re: Reference nodejs in debian-security-support?
  - From: Markus Koschany <apo@debian.org>
- Bug#931376: debian-security-support: mention nodejs is not for untrusted content
  - From: Holger Levsen <holger@layer-acht.org>

Prev by Date: Re: Request for help/comments: sqlite3
Next by Date: Re: Request for help/comments: sqlite3
Previous by thread: Re: Request for help/comments: sqlite3
Next by thread: Re: Reference nodejs in debian-security-support?
Index(es):
- Date
- Thread