Control: tags 977467 pending Moritz Muehlenhoff wrote...
> https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/ > is for nodejs, but the underlying issue is in http-parser, which Debian's > nodejs uses. This is already fixed in experimental, if this can't be used > there's also an isolated patch at > https://github.com/nodejs/http-parser/commit/7d5c99d09f6743b055d53fc3f642746d9801479b Greetings, to me, it seemed better to go forward. So I'll upload 2.9.4-1 to experimental in a few moments and trigger the transition then. Let me know if you prefer a different approach. About stable (10/buster), according to security tracker it's affected as well. Shall I go the stable point release approach? I haven't checked anything there yet, though. Christoph
signature.asc
Description: PGP signature
