Re: RFC - mark CVE-2017-18641/lxc as <no-dsa> or <ignored>?

To: debian-lts@lists.debian.org
Subject: Re: RFC - mark CVE-2017-18641/lxc as <no-dsa> or <ignored>?
From: Roberto C. Sánchez <roberto@debian.org>
Date: Wed, 4 Mar 2020 21:09:02 -0500
Message-id: <[🔎] 20200305020902.GP5317@connexer.com>
Mail-followup-to: Roberto C. Sánchez <roberto@debian.org>, debian-lts@lists.debian.org
In-reply-to: <20200226153322.GD4150@connexer.com>
References: <20200226153322.GD4150@connexer.com>

On Wed, Feb 26, 2020 at 10:33:22AM -0500, Roberto C. Sánchez wrote:
> Hello all,
> 
> I've been doing some work on CVE-2017-18641/lxc to understand the
> precise nature of the vulnerability and potential approaches to fixing
> it.  It seems not possible to fix the vulnerability, so I'd like to make
> a recommendation on how to handle it.
> 
> Recommendation:
> 
> I would like to mark CVE-2017-18641/lxc as <no-dsa> (or <ignored> if
> that would be more appropriate).  Absent any feedback to the contrary or
> alternate suggestions, I will mark the vulnerability as <no-dsa> for
> jessie within about a week.
> 
I have taken the above described action in security-tracker commit
7b46dadd7a6555db4518a1f0295eb82ce1f89eaf.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Reply to:

Prev by Date: Re: addressing CVE-2018-1311/XERCESC-2188
Next by Date: Re: addressing CVE-2018-1311/XERCESC-2188
Previous by thread: Re: addressing CVE-2018-1311/XERCESC-2188
Next by thread: LTS updates in disapperars in archivied versions
Index(es):
- Date
- Thread