Re: Plans for remediation of CVE-2018-20796
Hi,
On 2022-04-08 20:23, Newell, Matthew wrote:
> Are there currently any plans to resolve CVE-2018-20796 within the Debian glibc package?
No. This is CVE is not considered as a vulnerability by upstream or
Debian, so no fix exist for it and nobody is working on it. It's very
unlikely to be fixed.
> I am attempting to determine estimated remediation time (if any) to determine how to handle this CVE within my organization. Please let me know if you need any additional information.
>
> Related security tracker link: https://security-tracker.debian.org/tracker/CVE-2018-20796
On that link you will see at the bottom the reason why it is not treated
as a vulnerability.
Regards
Aurelien
--
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurelien@aurel32.net http://www.aurel32.net
Reply to: