[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Triage advice for CVE-2020-8492

Hi fellow LTS development team

I'm not sure how to handle CVE-2020-8492. It is a client side vulnerability and what it can cause it CPU load issue (on the client side as I understand). I can not really see how it can be exploited in any normal client. Sure if the attacker creates new python code it can, but then it can do that anyway because an infinite loop is quite easy to do in any python code.

So I think it is probably a minor issue, but I would like to check with others for an opinion,.

For now I have marked as ignored, but if people have good arguments I will change my mind.

Best regards

// Ola

 --- Inguza Technology AB --- MSc in Information Technology ----
|  ola@inguza.com                    opal@debian.org            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |

Reply to: