[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC - mark CVE-2017-18641/lxc as <no-dsa> or <ignored>?



El 04/03/20 a las 21:09, Roberto C. Sánchez escribió:
> On Wed, Feb 26, 2020 at 10:33:22AM -0500, Roberto C. Sánchez wrote:
> > Hello all,
> > 
> > I've been doing some work on CVE-2017-18641/lxc to understand the
> > precise nature of the vulnerability and potential approaches to fixing
> > it.  It seems not possible to fix the vulnerability, so I'd like to make
> > a recommendation on how to handle it.
> > 
> > Recommendation:
> > 
> > I would like to mark CVE-2017-18641/lxc as <no-dsa> (or <ignored> if
> > that would be more appropriate).  Absent any feedback to the contrary or
> > alternate suggestions, I will mark the vulnerability as <no-dsa> for
> > jessie within about a week.
> > 
> I have taken the above described action in security-tracker commit
> 7b46dadd7a6555db4518a1f0295eb82ce1f89eaf.

I am following the same rationale for lxc/stretch. I will mark
CVE-2017-18641 as <ignored>.

Cheers,

 -- Santiago

Attachment: signature.asc
Description: PGP signature


Reply to: