Hey all,

On Wed, Aug 03, 2022 at 03:51:03PM +0000, Debian Bug Tracking System wrote:
> On Sat, 28 May 2022 18:36:29 +0200 Sylvain Beucler <b...@beuc.net> wrote:
> > It appears librecad is not affected (all dists):
> >
> > - the package uses system dxflib, cf. debian/patches/debian_build.patch
> >
> > - while there appears to be similar vulnerable code in
> > libraries/jwwlib/src/dl_jww-copy.cpp (grep for 'groupCode==42'), this
> > particular file is not used in the build process AFAICT
> >
> > Can you confirm and update the security tracker accordingly?
>
> I marked CVE-2021-21897 as <not-affected> in the security tracker and I'm
> closing this bug.

Actually I believe this should be either:

- kept unfixed, as the source is affected but mark it as (unimportant) as it
  has no relevance for the binary packages built
- drop the entry completely (see previous examples committed by jmm on that
  matter when the embedded source had no security impact at all to the source
  package mentioned).

Regards,
Salvatore