Re: Plans for remediation of CVE-2018-20796

To: "Newell, Matthew" <Matthew.Newell@cerner.com>
Cc: "glibc@packages.debian.org" <glibc@packages.debian.org>
Subject: Re: Plans for remediation of CVE-2018-20796
From: Aurelien Jarno <aurelien@aurel32.net>
Date: Fri, 8 Apr 2022 23:13:28 +0200
Message-id: <YlCleIa71EY4aC/+@aurel32.net>
In-reply-to: <[🔎] CH0PR01MB712335359FF64FE44828AB4CF9E99@CH0PR01MB7123.prod.exchangelabs.com>
References: <[🔎] CH0PR01MB712335359FF64FE44828AB4CF9E99@CH0PR01MB7123.prod.exchangelabs.com>

Hi,

On 2022-04-08 20:23, Newell, Matthew wrote:
> Are there currently any plans to resolve CVE-2018-20796 within the Debian glibc package?

No. This is CVE is not considered as a vulnerability by upstream or
Debian, so no fix exist for it and nobody is working on it. It's very
unlikely to be fixed.

> I am attempting to determine estimated remediation time (if any) to determine how to handle this CVE within my organization. Please let me know if you need any additional information.
> 
> Related security tracker link: https://security-tracker.debian.org/tracker/CVE-2018-20796

On that link you will see at the bottom the reason why it is not treated
as a vulnerability.

Regards
Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                 http://www.aurel32.net

Reply to:

References:
- Plans for remediation of CVE-2018-20796
  - From: "Newell, Matthew" <Matthew.Newell@Cerner.com>

Prev by Date: Plans for remediation of CVE-2018-20796
Next by Date: Bug#965323: postinst script deletes custom locales
Previous by thread: Plans for remediation of CVE-2018-20796
Next by thread: Bug#965323: postinst script deletes custom locales
Index(es):
- Date
- Thread