[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: pluxml issues are questionable, request for advice

On Wed, Dec 16, 2020 at 07:36:19AM +0100, Ola Lundqvist wrote:
> Hi LTS team
> I have checked two of the pluxml issues
> CVE-2020-18184
>  This vulnerability is questioned upstream.
> The question is how this should be marked:
> - no-dsa minor issue?
> - ignored?

"not a vulnerability" or "no security impact" is usually marked 
"unimportant", see e.g.

For pluxml the same CVEs are "vulnerable" in stable+unstable and with RC 
bug #973382 open, the security team should know best how to handle this
based on your analysis.

> Best regards
> // Ola


Reply to: