[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

minor issues (wavpack)

I am a bit unclear when we should be some issues, and when we should be
marking them as no-DSA (or similar).

For example, webpack was three issues:

- CVE-2019-1010315: divide by zero
- CVE-2019-1010317: use of uninitialized memory.
- CVE-2019-1010319: use of uninitialized memory.

All three issues have been marked no-DSA by the security team. Does that
mean we should do the same thing?

I don't think there is any proven direct security vulnerabilty (other
then maybe a DOS attack by killing a remote service), however that does
not mean there isn't a security vulnerabilty, especially for the 2nd two
Brian May <bam@debian.org>

Reply to: