Re: RFC - mark CVE-2017-18641/lxc as <no-dsa> or <ignored>?
Hi Roberto,
> The second point, to me anyways, significantly reduces the severity of
> the vulnerability. That, paired with the infeasibility of implementing
> upstream's fix, led me to the above recommendation of <no-dsa> for this
> vulnerability.
Thank you for your careful and detailed analysis of the situation. I
would agree with your conclusion. I would only add that it is a shame
that this issue was known for many years.
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org 🍥 chris-lamb.co.uk
`-
Reply to: