[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Propose to ignore CVE-2022-41853 for hsqldb

Hi fellow LTS developers

I have looked at hsqldb and CVE-2022-41853.

From the description it is clear that there are methods to configure the system to make it secure. The software change is to not allow any classes to be used by default.

Since this is quite possibly a breaking change I suggest we ignore this issue.
If we decide to fix it, I think we should add a special note to the DLA with description on how to handle it.

Any other thoughts?

I will soon (probably later today) add a "ignore" on this CVE for buster. If you have other suggestions, please let me know. We can always change the ignore to something else if anyone objects.


// Ola

 --- Inguza Technology AB --- MSc in Information Technology ----
|  ola@inguza.com                    opal@debian.org            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |

Reply to: