Re: c-ares, CVE-2023-31147, CVE-2023-31124

To: Moritz Muehlenhoff <jmm@inutil.org>, Anton Gladky <gladk@debian.org>
Cc: debian-security@lists.debian.org, Debian LTS <debian-lts@lists.debian.org>
Subject: Re: c-ares, CVE-2023-31147, CVE-2023-31124
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Mon, 18 Mar 2024 14:06:00 +0100
Message-id: <[🔎] 1fb8f876-69d4-455b-afca-05544313f959@debian.org>
In-reply-to: <20230623082115.GA14226@inutil.org>
References: <CALF6qJmVXsY_eKa-1UfxDP0-5CPcBqOguTD6O-_TTszgH2dOug@mail.gmail.com> <20230623082115.GA14226@inutil.org>

On 23/06/2023 10:21, Moritz Muehlenhoff wrote:

But in fact the view in the Debian security is a little misleading, given
that it displays "vulnerable" all over the place, e.g.
https://security-tracker.debian.org/tracker/CVE-2023-31147

It would be nice if that "unimportant" issues it would instead display "non issue/no impact"
instead of "vulnerable.

Seehttps://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/167


Cheers,
Emilio

Reply to:

Prev by Date: Re: Security releases for ecosystems that use static linking
Next by Date: Re: Guidance for CVE triage and listing packages in dla-needed.txt
Previous by thread: Re: Security releases for ecosystems that use static linking
Next by thread: Help
Index(es):
- Date
- Thread