
Worth fixing spotweb? Marked it as no-dsa for now.



Hi fellow LTS members

Today I had a look at spotweb. There is one CVE on it and that problem is a SQL injection vulnerability that unauthenticated users can make.

The question is whether it is worth fixing? It has been marked as no-dsa (Minor Issue) for buster, meaning that the Debian security team has decided not to do anything about it. The maintainer is unlikely to do anything either since it does not exist in unstable.
The number of users is very low according to popcon.

For now I have marked it as no-dsa, following the security team's decision. If someone else thinks my decision should be reverted, please go ahead. If so we should fix buster as well, especially since it has the same version. In that case I guess it will be using a point release or by convincing the security team that a DSA should be issued.

Cheers

// Ola

--
 --- Inguza Technology AB --- MSc in Information Technology ----
|  ola@inguza.com                    opal@debian.org            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
 ---------------------------------------------------------------

