[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Support of lua-cgi

Hi fellow LTS members

Today (as part of front desk work) I triaged lua-cgi and I thought that the session id vulnerabilities were rather basic and severe. So I thought that if it is a really used software it would have been found much earlier. Especially since the vulnerability have been there for some 6 years or so.
So I checked popcorn and it is not really used much. I know we cannot trust popcorn that much but there were just some 80 installations reported in total.

So I think we should probably mark lua-cgi as unsupported instead of fixing the vulnerabilities.

Any other opinion?

Who usually handle this?

Best regards

// Ola

 --- Inguza Technology AB --- MSc in Information Technology ----
|  ola@inguza.com                    opal@debian.org            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |

Reply to: