Is considering marking CVE-2023-7216 as rejected on NVD?

Peng Mon, 04 Mar 2024 02:44:55 -0800

CVE-2023-7216  has been rejected by the cpio's upstream community , cpio 
maintainer don't think it's a bug. 
Is the Red Hat community considering marking CVE-2023-7216 as rejected on 
NVD:https://nvd.nist.gov/vuln/detail/CVE-2023-7216 ? 
 
If the Red Hat community insists that CVE-2023-7216 is a bug, does the Red Hat 
community have a fix?


Regards,
Peng




------------------&nbsp;????????&nbsp;------------------
??????:                                                                         
                                               "Sergey Poznyakoff"              
                                                                      
<g...@gnu.org.ua&gt;;
????????:&nbsp;2024??3??2??(??????) ????9:53
??????:&nbsp;"Peng"<2773414...@qq.com&gt;;
????:&nbsp;"bug-cpio"<bug-cpio@gnu.org&gt;;"ntait"<nt...@redhat.com&gt;;"mrehak"<mre...@redhat.com&gt;;
????:&nbsp;Re: Re:Is there a fix for this CVE-2023-7216?



Peng <2773414...@qq.com&gt; ha escrit:

&gt;    First of all, I would like to confirm with you, do you accept
&gt;    CVE-2023-7216? Is CVE-2023-7216 a bug or is it the default
&gt;    behavior of cpio software?

It is a normal behavior.&nbsp; Please use the --no-absolute-filenames option
to avoid it, if it is not desired.

Regards,
Sergey

Is considering marking CVE-2023-7216 as rejected on NVD?

Reply via email to