[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: jetty CVE triage: jetty8 ignored?

B0;115;0cOn Thu, Jul 05, 2018 at 05:24:22PM +0200, Ola Lundqvist wrote:
> Hi Sebastian
> 
> With this reasoning we cannot assume that a later release include fixes for
> earlier releases for any package. Jetty seems to be actively and sanely
> maintained so I think the risk you point out is very low.
> But you are right, this could be the case for a badly maintained package.

It's all open source, I suggest you simply look at the packages instead
of making assumptions.

Cheers,
        Moritz
Reply to: