
Re: jetty CVE triage: jetty8 ignored?



Hi Moritz

If you read the mail chain you can see that I have already analyzed the two CVEs. So it is already done.

Is it so that you think we should reanalyze entries from 2009 as well, or?

/ Ola

Sent from a phone


On Thu, 5 July 2018 at 17:28, Moritz Muehlenhoff <jmm@inutil.org> wrote:
On Thu, Jul 05, 2018 at 05:24:22PM +0200, Ola Lundqvist wrote:
> Hi Sebastian
>
> With this reasoning we cannot assume that a later release includes fixes for
> earlier releases for any package. Jetty seems to be actively and sanely
> maintained so I think the risk you point out is very low.
> But you are right, this could be the case for a badly maintained package.

It's all open source, I suggest you simply look at the packages instead
of making assumptions.

Cheers,
        Moritz
