Hi Xavier,

On Thu, 18 Apr 2019 20:44:01 +0200 Xavier Guimard <y...@debian.org> wrote:
> I updated node-superagent for Buster. Now I would like to propose the
> security fix for stretch. This fixes CVE-2017-16129 (ZIP bomb attacks).

I think your patch seems to be invalid in stretch. When I ran the
autopkgtests in stretch I see the error below, which is exactly the new
code. Could you please have a look soon?

Paul

https://ci.debian.net/data/autopkgtest/stable/amd64/n/node-superagent/2285440/log.gz

autopkgtest [17:53:58]: test require: [-----------------------
/usr/lib/nodejs/superagent/lib/node/index.js:903
      let responseBytesLeft = self._maxResponseSize || 200000000;
      ^^^

SyntaxError: Block-scoped declarations (let, const, function, class) not yet supported outside strict mode
    at exports.runInThisContext (vm.js:53:16)
    at Module._compile (module.js:373:25)
    at Object.Module._extensions..js (module.js:416:10)
    at Module.load (module.js:343:32)
    at Function.Module._load (module.js:300:12)
    at Module.require (module.js:353:17)
    at require (internal/module.js:12:17)
    at [eval]:1:1
    at Object.exports.runInThisContext (vm.js:54:17)
    at Object.<anonymous> ([eval]-wrapper:6:22)
autopkgtest [17:53:58]: test require: -----------------------]

https://ci.debian.net/data/autopkgtest/stable/amd64/n/node-supertest/2285441/log.gz

autopkgtest [17:54:01]: test require: [-----------------------
/usr/lib/nodejs/superagent/lib/node/index.js:903
      let responseBytesLeft = self._maxResponseSize || 200000000;
      ^^^

SyntaxError: Block-scoped declarations (let, const, function, class) not yet supported outside strict mode
    at exports.runInThisContext (vm.js:53:16)
    at Module._compile (module.js:373:25)
    at Object.Module._extensions..js (module.js:416:10)
    at Module.load (module.js:343:32)
    at Function.Module._load (module.js:300:12)
    at Module.require (module.js:353:17)
    at require (internal/module.js:12:17)
    at Object.<anonymous> (/usr/lib/nodejs/supertest/lib/test.js:5:15)
    at Module._compile (module.js:409:26)
    at Object.Module._extensions..js (module.js:416:10)
autopkgtest [17:54:01]: test require: -----------------------]
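
The following is an added example, not part of the message above and not the node-superagent patch: a decompressed-size cap in the style of the quoted `responseBytesLeft` line, written with `var` only so that it does not rely on block-scoped declarations outside strict mode. The function names, the constant name, the error text and the sample payload are assumptions made for illustration.

```javascript
var zlib = require('zlib');

// Same fallback value as the line quoted in the log; the constant name is hypothetical.
var DEFAULT_MAX_RESPONSE_SIZE = 200000000;

// Returns a function that charges each chunk against the byte budget and
// reports whether the response is still within it.
function createByteBudget(maxResponseSize) {
  var responseBytesLeft = maxResponseSize || DEFAULT_MAX_RESPONSE_SIZE;
  return function (chunk) {
    responseBytesLeft -= chunk.length;
    return responseBytesLeft >= 0;
  };
}

// Gunzips `compressed` as a stream, counting decompressed bytes as they are
// emitted, and stops inflating as soon as the budget is exceeded.
function gunzipWithCap(compressed, maxResponseSize, done) {
  var withinBudget = createByteBudget(maxResponseSize);
  var gunzip = zlib.createGunzip();
  var accepted = 0;
  var finished = false;
  function finish(err) {
    if (finished) return;
    finished = true;
    done(err, accepted);
  }
  gunzip.on('data', function (chunk) {
    if (finished) return;
    if (!withinBudget(chunk)) {
      gunzip.close(); // release zlib state; the rest of the payload is not inflated
      return finish(new Error('Maximum response size reached'));
    }
    accepted += chunk.length;
  });
  gunzip.on('error', finish);
  gunzip.on('end', function () { finish(null); });
  gunzip.end(compressed);
}

// Constructed sample: 1 MiB of zero bytes, which gzips to roughly 1 KiB.
var bomb = zlib.gzipSync(Buffer.alloc(1024 * 1024));
gunzipWithCap(bomb, 64 * 1024, function (err, accepted) {
  console.log(bomb.length + ' compressed bytes ->', err ? err.message : 'ok',
    '(' + accepted + ' bytes accepted)');
});
```

The cap is enforced on decompressed output, chunk by chunk, so the compressed size of the payload never enters the decision.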