
minor issues (wavpack)



I am a bit unclear when we should be some issues, and when we should be
marking them as no-DSA (or similar).

For example, wavpack has three issues:

- CVE-2019-1010315: divide by zero
- CVE-2019-1010317: use of uninitialized memory.
- CVE-2019-1010319: use of uninitialized memory.

All three issues have been marked no-DSA by the security team. Does that
mean we should do the same thing?

I don't think there is any proven direct security vulnerability (other
than maybe a DoS attack by killing a remote service), however that does
not mean there isn't a security vulnerability, especially for the 2nd two
CVEs.
-- 
Brian May <bam@debian.org>

