Bug#760385: Fix for CVE-2014-5256

2014-12-20 Thread Balint Reczey
Hi Mike, On Sat, 20 Dec 2014 05:06:47 -0500 Michael Gilbert wrote: > On Sat, Dec 20, 2014 at 4:59 AM, Balint Reczey wrote: > > Hi Mike, > > > > On Fri, 19 Dec 2014 21:11:10 -0500 Michael Gilbert > > wrote: > >> control: severity -1 important > >> > >> There is no security support for libv8 in jes

Bug#760385: Fix for CVE-2014-5256

2014-12-20 Thread Jonas Smedegaard
Quoting Michael Gilbert (2014-12-20 03:11:10) > control: severity -1 important > > There is no security support for libv8 in jessie, so security issues aren't > RC. Lack of support do not change severity. Seems more appropriate to then tag as *-ignore instead. - Jonas -- * Jonas Smedegaar

Bug#760385: Fix for CVE-2014-5256

2014-12-20 Thread Michael Gilbert
On Sat, Dec 20, 2014 at 4:59 AM, Balint Reczey wrote: > Hi Mike, > > On Fri, 19 Dec 2014 21:11:10 -0500 Michael Gilbert > wrote: >> control: severity -1 important >> >> There is no security support for libv8 in jessie, so security issues aren't >> RC. > Could you please add some links to explain t

Bug#760385: Fix for CVE-2014-5256

2014-12-20 Thread Balint Reczey
Hi Mike, On Fri, 19 Dec 2014 21:11:10 -0500 Michael Gilbert wrote: > control: severity -1 important > > There is no security support for libv8 in jessie, so security issues aren't > RC. Could you please add some links to explain that? I was about to fix this issue in an NMU after double-checkin

Bug#760385: Fix for CVE-2014-5256

2014-12-19 Thread Michael Gilbert
control: severity -1 important There is no security support for libv8 in jessie, so security issues aren't RC. Best wishes, Mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#760385: Fix for CVE-2014-5256

2014-11-15 Thread Jean Baptiste Favre
I meant "I'm *not* sure I'll be able to deal with lib8-3.14 Sorry, Jean Baptiste On 15/11/2014 21:28, Jean Baptiste Favre wrote: > Hello Thomas, > Thanks for your update. > > I decided to have a look on this bug because it seemed quite easy to fix > it: upstream patch was available and small ano

Bug#760385: Fix for CVE-2014-5256

2014-11-15 Thread Jean Baptiste Favre
Hello Thomas, Thanks for your update. I decided to have a look on this bug because it seemed quite easy to fix it: upstream patch was available and small anough for me. Unfortunatly, I'm sure I'll be able to deal with lib8-3.14. The more I dig into, the less I understand (more or less) :) I'll tr

Bug#760385: Fix for CVE-2014-5256

2014-11-15 Thread Thomas Viehmann
Hi Jean Baptiste, thank you for looking into this. Note that the changelog entries for nodejs 0.10.31 and .32 include v8: backport CVE-2013-6668 v8: fix a crash introduced by previous release If libv8 in Debian is affected by those, you might also consider also backporting those fixes when p