[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2020-8859 for elog, should we support it?

Hi Security team,

On Wed, May 18, 2022 at 2:05 AM Ola Lundqvist <ola@inguza.com> wrote:
> If you think we should support the package I'll add it to
> dla-needed. From the description it looks like one can trigger
> a denial of service without being authenticated. That sounds
> pretty severe to me.

I'll just go ahead and reserve an update for stretch then. Do you
think this is something that'd warrant a DSA, too? If not, I'll just
open -pu bugs and get 'em dome.


- u
Reply to: