package: debian-security-support x-debbugs-cc: debian-lts@lists.debian.org On Wed, Jul 03, 2019 at 02:59:39PM +0200, Sylvain Beucler wrote: > I just discovered this while triaging node-fstream: > https://www.debian.org/releases/oldstable/amd64/release-notes/ch-information.en.html#libv8 > https://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#libv8 > > "Unfortunately, this means that libv8-3.14, nodejs, and the associated > node-* package ecosystem should not currently be used with untrusted > content, such as unsanitized data from the Internet. > In addition, these packages will not receive any security updates during > the lifetime of the Jessie release."
ouch.
> I'm surprised that `grep -ir node` doesn't find any match in the
> 'debian-security-support' repo.
> Did I miss something or is it something we should do?
see above & thanks! :)
--
tschau,
Holger
-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
signature.asc
Description: PGP signature
