
Why was CVE-2017-8364 marked as no-dsa?


I have a question about CVE-2017-8364 for rzip. I can see that this was marked as no-dsa (Minor Issue) for jessie and would like to know what the reasoning is behind this.

I'm asking as the Debian bug report #861614 is marked as grave with the motivation that it could be a write overflow as well but that it has not been investigated further.

Does this no-dsa mean that this has actually been investigated further and that bug #861614 should be marked as important instead?

I'm asking as I need to classify this for Debian LTS as well and so far I'm not 100% convinced that the no-dsa for jessie is correct.

Best regards

// Ola

 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
