Hi Markus, > I think it was unclear if upstream was even aware of those bugs. The > CVEs were requested by someone who provides POCs but whether a certain > version is affected or not is not clear and if patches are available. I > would check with upstream first, forward links and POCS if necessary. In > case they already know about the problem you could save a lot of time. Thanks for your answer. I have received a few other answers off-list and plan to proceed on a case by case basis, reporting bugs to upstream, trying to get them fixed and spot duplicates. cheers, Hugo -- Hugo Lefeuvre (hle) | www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
Attachment:
signature.asc
Description: PGP signature