El 04/03/20 a las 21:09, Roberto C. Sánchez escribió: > On Wed, Feb 26, 2020 at 10:33:22AM -0500, Roberto C. Sánchez wrote: > > Hello all, > > > > I've been doing some work on CVE-2017-18641/lxc to understand the > > precise nature of the vulnerability and potential approaches to fixing > > it. It seems not possible to fix the vulnerability, so I'd like to make > > a recommendation on how to handle it. > > > > Recommendation: > > > > I would like to mark CVE-2017-18641/lxc as <no-dsa> (or <ignored> if > > that would be more appropriate). Absent any feedback to the contrary or > > alternate suggestions, I will mark the vulnerability as <no-dsa> for > > jessie within about a week. > > > I have taken the above described action in security-tracker commit > 7b46dadd7a6555db4518a1f0295eb82ce1f89eaf. I am following the same rationale for lxc/stretch. I will mark CVE-2017-18641 as <ignored>. Cheers, -- Santiago
Attachment:
signature.asc
Description: PGP signature