[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: minor issues (wavpack)


On 22/07/19 1:13 pm, Brian May wrote:
> I am a bit unclear when we should be some issues, and when we should be
> marking them as no-DSA (or similar).
> For example, webpack was three issues:
> - CVE-2019-1010315: divide by zero
> - CVE-2019-1010317: use of uninitialized memory.
> - CVE-2019-1010319: use of uninitialized memory.
> All three issues have been marked no-DSA by the security team. Does that
> mean we should do the same thing?
> I don't think there is any proven direct security vulnerabilty (other
> then maybe a DOS attack by killing a remote service), however that does
> not mean there isn't a security vulnerabilty, especially for the 2nd two
> CVEs.

If you see it as trivial. You can mark as <postponed> and can fix with
later updates.


Reply to: