[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: undetermined or postponed for freeimage?

Hi Roberto

See below.

On Fri, 12 Apr 2024 at 00:14, Roberto C. Sánchez <roberto@debian.org> wrote:
> On Thu, Apr 11, 2024 at 10:23:13PM +0200, Ola Lundqvist wrote:
> > I hope you do not mind me asking but there is one thing that I would
> > like to check.
> >
> > When I look at this CVE that was previously postponed:
> > https://security-tracker.debian.org/tracker/CVE-2019-12214
> >
> > The information tells that the vulnerability my in fact not be in
> > freeimage at all.
> > For this I think "undetermined" tag is typically used instead of postponed.
> > Should I change?
> >
> I would recommend against changing it. *We* think that it may not be an
> issue in freeimage, but that is based on Hugo's speculation. I don't
> think "undetermined" is meant to be used in this case.

Thank you. I get your point. I thought that was "not-affected" when we
are sure it is not affected.
I thought undetermined was just that, we have not been able to determine.

Cheers

// Ola

...


-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
|  ola@inguza.com                    opal@debian.org            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
 ---------------------------------------------------------------
Reply to: