Control: tag -1 - moreinfo
On Sat, Nov 23, 2019 at 06:45:27PM +0100, Julien Cristau wrote:
> Control: tag -1 moreinfo
>
> On Sat, Nov 16, 2019 at 05:36:13PM +0100, Mattia Rizzolo wrote:
> > Limnoria is affected by a security issue the security team deemed not
> > DSA-worthy. See https://security-tracker.debian.org/tracker/CVE-2019-19010
> >
> What's the test coverage like for this code, and what's the regression
> risk?
limnoria's whole code (including this plugin) is completely covered by a
comprehensive test suite. And even if there was a regression it would
be limited to this single plugin, not affecting the regular operation of
the rest of the program. For this plugin, the tests check all the
operations: https://sources.debian.org/src/limnoria/2019.11.09-2/plugins/Math/test.py/
As a test for this particular bug, since this was a bad eval(), now that
there is no eval() anymore that suffices as a test.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
More about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
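
One way to turn "there is no eval() anymore" from the message above into an automated check. This is an added example, not part of the original message and not Limnoria's code. The function name and both sample sources are constructed for illustration. It walks the syntax tree rather than grepping, so a mention of eval() in a comment or docstring does not count as a call.

```python
import ast

# Builtins that run a string as code. The message only names eval();
# exec() is included here as an assumption about what such a check should cover.
DYNAMIC_EVAL = {"eval", "exec"}
BUILTIN_MODULES = {"builtins", "__builtins__"}


def find_eval_calls(source, filename="<plugin>"):
    """Return sorted (line, name) pairs for direct eval()/exec() calls."""
    hits = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if isinstance(func, ast.Name) and func.id in DYNAMIC_EVAL:
            hits.append((node.lineno, func.id))            # eval(...)
        elif (isinstance(func, ast.Attribute)
              and func.attr in DYNAMIC_EVAL
              and isinstance(func.value, ast.Name)
              and func.value.id in BUILTIN_MODULES):
            hits.append((node.lineno, func.attr))          # builtins.eval(...)
    return sorted(hits)


# Constructed stand-in for a calculator that evaluates user text.
SAMPLE_BEFORE = '''
def calc(text):
    # user-supplied expression goes straight to the interpreter
    return eval(text)
'''

# Constructed stand-in for a version without eval(); the docstring still
# contains the word, which a plain text search would flag.
SAMPLE_AFTER = '''
import ast
def calc(text):
    """No eval() here; only literals are accepted."""
    return ast.literal_eval(text)
'''

if __name__ == "__main__":
    print("before:", find_eval_calls(SAMPLE_BEFORE))
    print("after: ", find_eval_calls(SAMPLE_AFTER))
```

The check only sees direct calls by name; it does not follow aliases such as `e = eval`.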