Re: RFC - mark CVE-2017-18641/lxc as <no-dsa> or <ignored>?

To: debian-lts@lists.debian.org
Subject: Re: RFC - mark CVE-2017-18641/lxc as <no-dsa> or <ignored>?
From: "Chris Lamb" <lamby@debian.org>
Date: Thu, 27 Feb 2020 01:57:07 -0000
Message-id: <[🔎] b2f297f2-c14d-401c-91c9-7a7db0c7e9c1@www.fastmail.com>
In-reply-to: <[🔎] 20200226153322.GD4150@connexer.com>
References: <[🔎] 20200226153322.GD4150@connexer.com>

Hi Roberto,

> The second point, to me anyways, significantly reduces the severity of
> the vulnerability.  That, paired with the infeasibility of implementing
> upstream's fix, led me to the above recommendation of <no-dsa> for this
> vulnerability.

Thank you for your careful and detailed analysis of the situation. I
would agree with your conclusion. I would only add that it is a shame
that this issue was known for many years.


Best wishes,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk
       `-

Reply to:

References:
- RFC - mark CVE-2017-18641/lxc as <no-dsa> or <ignored>?
  - From: Roberto C. Sánchez <roberto@debian.org>

Prev by Date: Re: RFC - mark CVE-2017-18641/lxc as <no-dsa> or <ignored>?
Next by Date: Re: paid LTS work imposing load on volunteers and other side effects (Re: zsh_5.0.7-5+deb8u1_amd64.changes REJECTED)
Previous by thread: Re: RFC - mark CVE-2017-18641/lxc as <no-dsa> or <ignored>?
Index(es):
- Date
- Thread