Hi Moritz, > I've never used that myself either, but reading up on the documentation > it's so full of caveats that I doubt these are really severe issues. Unless > someone has credible clams of the contrary I'm inclined to mark these as > no-dsa for stretch. Thanks. We'll go for no-dsa in jessie as well. I see you have marked CVE-2016-10745 no-dsa in stretch but not CVE-2019-10906. Fixing CVE-2019-10906 without CVE-2016-10745 does not make much sense to me, so I assumed it was oversight and marked CVE-2019-10906 no-dsa in stretch as well. cheers, Hugo -- Hugo Lefeuvre (hle) | www.owl.eu.com RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
Attachment:
signature.asc
Description: PGP signature