
Propose to ignore CVE-2022-41853 for hsqldb



Hi fellow LTS developers

I have looked at hsqldb and CVE-2022-41853.
https://security-tracker.debian.org/tracker/CVE-2022-41853

From the description it is clear that there are methods to configure the system to make it secure. The software change is to not allow any classes to be used by default.

Since this is quite possibly a breaking change I suggest we ignore this issue.
If we decide to fix it, I think we should add a special note to the DLA with a description of how to handle it.

Any other thoughts?

I will soon (probably later today) add an "ignore" on this CVE for buster. If you have other suggestions, please let me know. We can always change the ignore to something else if anyone objects.

Cheers

// Ola

--
 --- Inguza Technology AB --- MSc in Information Technology ----
|  ola@inguza.com                    opal@debian.org            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
 ---------------------------------------------------------------

