[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Ring





On 10.10.23 11:53, Bastien Roucariès wrote:

All of that said, it is interesting to me that fairly recently (at the
end of August) the ring package in buster was updated to fix 23 CVEs,
but this particular CVE was left open. Perhaps it would be worthwhile to
find out from Thorsten (who prepared the most recent update) why that
decision was made.
Thorsten could you hint use about this bug on buster ?

On the one hand the fix for the other CVEs took quite some time and on the other hand the patch for this CVE didn't look that easy, so I uploaded with the last CVE left open. It is "just" a DoS and a rather old CVE, so I was afraid that my patch would do more damage than good. Moreover I am not an openssl expert, so we are where we are now.

  Thorsten


Reply to: