Control: severity -1 minor

Hi

On Thu, Jan 07, 2021 at 10:58:03PM +0100, Philippe Coval wrote:
> Package: iotjs
> Followup-For: Bug #977736
>
> Dear Maintainer,
>
> As iotjs's Debian maintainer,
> I have forwarded this issue to upstream tracker:
>
> https://github.com/jerryscript-project/iotjs/issues/1955
>
> But it looks like that "main_print_unhandled_exception" function is in
> jerryscript CLI program not in the library that iotjs links with
>
> It can be easily verified using:
>
> readelf -Wsa /usr/bin/iotjs | grep print_
>
> 610: 0000000000020030 1 FUNC GLOBAL DEFAULT 14 print_stacktrace
> 776: 000000000006afa0 16 FUNC GLOBAL DEFAULT 14 jerry_port_print_char
>
> So I think this scanner is a false positive.
>
> I don't know if upstream iotjs plan to jerryscript soon
> and IMHO, it is not worthy of backporting the related patch
> because it won't be compiled.

Okay indeed, while it might affect the source code itself it seems not
for the binary package, in particular so as you found for the iotjs use
(and it does not compile main-utils.c).

I'm doing two things. Downgrade the severity to minor, I think the bug
just can be closed once upstream rebased the JerryScript copy to the
version including the fix. Marking it as unimportant in the
security-tracker indicating it does not affect at all the iotjs produced
binary packages.

I do agree that there is no sense in backporting the related patch to
iotjs.

Regards,
Salvatore
