Hello Thomas, Thanks for your update. I decided to have a look on this bug because it seemed quite easy to fix it: upstream patch was available and small anough for me. Unfortunatly, I'm sure I'll be able to deal with lib8-3.14. The more I dig into, the less I understand (more or less) :)
I'll try anyway, Regards, Jean Baptiste On 15/11/2014 20:44, Thomas Viehmann wrote: > Hi Jean Baptiste, > > thank you for looking into this. > Note that the changelog entries for nodejs 0.10.31 and .32 include > v8: backport CVE-2013-6668 > v8: fix a crash introduced by previous release > If libv8 in Debian is affected by those, you might also consider also > backporting those fixes when preparing a new v8 package. > > (Elsewhere in NodeJS .33 there is "crypto: Disable autonegotiation for > SSLv2/3 by default", not sure whether the release team would let > something like that through.) > > Best regards > > Thomas
signature.asc
Description: OpenPGP digital signature