On Mon, Jan 26, 2015 at 7:58 AM, Bálint Réczey wrote: > I have added the changes in git [1] and I plan uploading the fix this week. > I will check the outstanding security issues for easily fixable ones > and include the fixes in the same upload.
I went ahead with an nmu since it's been a few weeks without an upload. Best wishes, Mike
diff -Nru libv8-3.14-3.14.5.8/debian/changelog libv8-3.14-3.14.5.8/debian/changelog --- libv8-3.14-3.14.5.8/debian/changelog 2014-05-06 19:35:22.000000000 +0000 +++ libv8-3.14-3.14.5.8/debian/changelog 2015-02-13 06:02:28.000000000 +0000 @@ -1,3 +1,11 @@ +libv8-3.14 (3.14.5.8-8.1) unstable; urgency=medium + + * Non-maintainer upload. + * Add README.Debian.security documenting the lack of security support for + this package for jessie (closes: #775715). + + -- Michael Gilbert <mgilb...@debian.org> Fri, 13 Feb 2015 05:59:08 +0000 + libv8-3.14 (3.14.5.8-8) unstable; urgency=medium * Add 0004_hurd.patch, add Architecture: hurd-i386. diff -Nru libv8-3.14-3.14.5.8/debian/libv8-3.14.5.docs libv8-3.14-3.14.5.8/debian/libv8-3.14.5.docs --- libv8-3.14-3.14.5.8/debian/libv8-3.14.5.docs 1970-01-01 00:00:00.000000000 +0000 +++ libv8-3.14-3.14.5.8/debian/libv8-3.14.5.docs 2015-02-13 05:58:55.000000000 +0000 @@ -0,0 +1 @@ +debian/README.Debian.security diff -Nru libv8-3.14-3.14.5.8/debian/README.Debian.security libv8-3.14-3.14.5.8/debian/README.Debian.security --- libv8-3.14-3.14.5.8/debian/README.Debian.security 1970-01-01 00:00:00.000000000 +0000 +++ libv8-3.14-3.14.5.8/debian/README.Debian.security 2015-02-13 05:58:55.000000000 +0000 @@ -0,0 +1,17 @@ +The security team has decided that this package will not receive +security support for Jessie which makes the package suitable only +for trusted content. + +The decision has been made due to the amount of already outstanding +known vulnerabilities [1] and the maintainer team's forecasted lack of +manpower to deal with new and existing security problems. + +Providing security support for the package is not impossible but +requires people who can back-port and review security related fixes +from upstream's source code repository. If you would like to see full +security support for libv8 [2] in Jessie+1, please consider joining the +maintainer team or help them in other ways. + + +[1] https://security-tracker.debian.org/tracker/source-package/libv8 +[2] https://packages.qa.debian.org/libv/libv8-3.14.html \ No newline at end of file
