[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

CVE-2020-36193 php-pear vs drupal7

Hi Chris

Today I looked at CVE-2020-36193 since we have php-pear in dla-needed.
Ths thing is that this CVE tells that drupal7 is also vulnerable but drupal7 is not in dla-needed.txt.

Is there any specific reason for this?
I guess there is, like drupal7 impact was realized later, or lack of time for triaging or something else.

Or should I add drupal7 as well?

I decided to ask instead of spending a lot of time trying to figure this out from git history.


// Ola

 --- Inguza Technology AB --- MSc in Information Technology ----
|  ola@inguza.com                    opal@debian.org            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |

Reply to: