Re: CVE-2020-8859 for elog, should we support it?
Hi Security team,
On Wed, May 18, 2022 at 2:05 AM Ola Lundqvist <ola@inguza.com> wrote:
> If you think we should support the package I'll add it to
> dla-needed. From the description it looks like one can trigger
> a denial of service without being authenticated. That sounds
> pretty severe to me.
I'll just go ahead and reserve an update for stretch then. Do you
think this is something that'd warrant a DSA, too? If not, I'll just
open -pu bugs and get 'em dome.
- u
Reply to: