[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC - mark CVE-2017-18641/lxc as <no-dsa> or <ignored>?

Hi Roberto,

> The second point, to me anyways, significantly reduces the severity of
> the vulnerability.  That, paired with the infeasibility of implementing
> upstream's fix, led me to the above recommendation of <no-dsa> for this
> vulnerability.

Thank you for your careful and detailed analysis of the situation. I
would agree with your conclusion. I would only add that it is a shame
that this issue was known for many years.

Best wishes,

     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org 🍥 chris-lamb.co.uk

Reply to: