On Fri, 27 Feb 2026 at 21:10, Bastien Roucaries <[email protected]> wrote:
> On Friday, 27 February 2026, 20:31:18 Central European Standard Time,
> Jérémy Lal wrote:
> > Hi,
> >
> > if anyone is interested, I need help with maintaining the security updates
> > for nodejs.
> > https://security-tracker.debian.org/tracker/source-package/nodejs
> >
> > It's about carefully reading the upstream changelog, identifying commits,
> > backporting them as patches (and thanks to salsa/debusine tools, builds
> > can be tested even if you have a low-end laptop), properly mentioning the
> > CVE and closing bugs in the changelog, and submitting a debdiff to the
> > security team (who eventually answer, because they are overbooked) and
> > then uploading.
> >
> > A straightforward and initiative job ;)
> >
> > Jérémy
>
> I will help

It might be a good idea to make a thread about this - after all, nowadays
any public exchange ends up as documentation, thanks to LLMs.
So let's identify the upstream commits for the CVEs...
This will probably also show if some of them don't actually apply, because
the nodejs Debian package uses system libraries which are already patched.

> >
> > PS: please avoid answering to comment on my wording. I'm not a native
> > English speaker.

