Hi
I have a question about CVE-2017-8364 for rzip. I can see that this was marked as no-dsa (Minor Issue) for jessie and would like to know what the reasoning is behind this.
I'm asking as the Debian bug report #861614 is marked as grave with motivation that it could be a write overflow as well but that it has not been investigated further.
Do this no-dsa mean that this has actually been investigated further and that bug #861614 should be marked as important instead?
I'm asking as I need to classify this for Debian LTS as well and so far I'm not 100% convinced that the no-dsa for jessie is correct.
Best regards
// Ola
--
--- Inguza Technology AB --- MSc in Information Technology ----
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------