CVE-2020-8859 for elog, should we support it?
Hi team
While triaging today I noticed this rather old CVE. The elog package
is clearly vulnerable (at least when looking through the source code).
However I noticed that elog is removed (exists in buster and bullseye
though) and it has a very low popcon score.
Is it worth fixing?
If not, we should say that this package is unsupported.
Cheers
// Ola
--
--- Inguza Technology AB --- MSc in Information Technology ----
| ola@inguza.com opal@debian.org |
| http://inguza.com/ Mobile: +46 (0)70-332 1551 |
---------------------------------------------------------------
Reply to: