
Re: minor issues (wavpack)



Hi,

On 22/07/19 1:13 pm, Brian May wrote:
> I am a bit unclear when we should be some issues, and when we should be
> marking them as no-DSA (or similar).
> 
> For example, webpack was three issues:
> 
> - CVE-2019-1010315: divide by zero
> - CVE-2019-1010317: use of uninitialized memory.
> - CVE-2019-1010319: use of uninitialized memory.
> 
> All three issues have been marked no-DSA by the security team. Does that
> mean we should do the same thing?
> 
> I don't think there is any proven direct security vulnerability (other
> than maybe a DOS attack by killing a remote service), however that does
> not mean there isn't a security vulnerability, especially for the 2nd two
> CVEs.
> 

If you see it as trivial, you can mark it as <postponed> and fix it with
later updates.


--abhijith.

