undetermined or postponed for freeimage?

To: Debian LTS <debian-lts@lists.debian.org>
Subject: undetermined or postponed for freeimage?
From: Ola Lundqvist <ola@inguza.com>
Date: Thu, 11 Apr 2024 22:23:13 +0200
Message-id: <[🔎] CABY6=0nLC1ZONTnsrZVtd=Licp504_HzzBcB853NCd9QjM59Dw@mail.gmail.com>

Hi fellow LTS contributors

I hope you do not mind me asking but there is one thing that I would
like to check.

When I look at this CVE that was previously postponed:
https://security-tracker.debian.org/tracker/CVE-2019-12214

The information tells that the vulnerability my in fact not be in
freeimage at all.
For this I think "undetermined" tag is typically used instead of postponed.
Should I change?

I guess so, but since I'm not sure if it has any other implications I
want to check first.

We will clearly not be able to fix it in any case because we do not
have enough information to tell what the problem was in the first
place.

While I'm at it I'm removing postponed tag for a few CVEs now, because
they are postponed until patches are available and now patches are
available in fedora.

Cheers

// Ola

-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
|  ola@inguza.com                    opal@debian.org            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
 ---------------------------------------------------------------

Reply to:

Follow-Ups:
- Re: undetermined or postponed for freeimage?
  - From: Roberto C. Sánchez <roberto@debian.org>

Prev by Date: Re: Guidance for CVE triage and listing packages in dla-needed.txt
Next by Date: Re: How to handle freeimage package
Previous by thread: Re: Expanding the scope (slightly) of dla-needed.txt
Next by thread: Re: undetermined or postponed for freeimage?
Index(es):
- Date
- Thread