Re: Spurious CVE ID reported as open on Cherokee - NFU?
Gunnar Wolf wrote:
> Hi,
>
> The PTS reports there is a CVE open for Cherokee (CVE-2009-4587). This
> bug, however, seems to affect only Windows installs. FWIW there is
> even a note on the CVE report¹ stating it is a lack of validation bug,
> but I understand it cannot be used to crash the server in Debian.
>
> Anyway, I have not dealt with CVE reports against my packages before,
> and don't know how to close this report.
>
FTR, I talked via IRC with Gunnar. Upstream will be contacted to help
determine the real cause of the crash (AUX on MS-DOS is the serial port
device).
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
Reply to: