Hi Jean Baptiste,
thank you for looking into this.
Note that the changelog entries for nodejs 0.10.31 and .32 include
v8: backport CVE-2013-6668
v8: fix a crash introduced by previous release
If libv8 in Debian is affected by those, you might also consider also
backporting those fixes when preparing a new v8 package.
(Elsewhere in NodeJS .33 there is "crypto: Disable autonegotiation for
SSLv2/3 by default", not sure whether the release team would let
something like that through.)
Best regards
Thomas
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
