[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]


Hi fellow LTS and extended LTS development teams

I have looked a little into CVE-2019-16935. My conclusion is that the package is vulnerable but I could not really judge its severity. I have a question though. If we find that we should correct it, shouldn't we correct also jython and pypy-lib in that case?

The problem is in DocXMLRPCServer.py and that file exist also in the other two packages. Or should we assume there will be a different CVE for those packages?


Best regards

// Ola

 --- Inguza Technology AB --- MSc in Information Technology ----
|  ola@inguza.com                    opal@debian.org            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |

Reply to: