Hi, On Thu, Jan 19, 2023 at 04:56:44PM -0500, Ben Westover wrote: > Hello, > > The CVE description states that versions 0.12.0 - 0.21.1 are vulnerable, but > this package is currently version 22.0. Can this bug be closed?
A CVE description might only refer to a specific point in time's state and might not be accurate. It needs first to be confirmed the issue would be fixed in 0.22.0. What are the references confirming the CVE is fixed in 0.22.0? Can you refer to them so we can re-check? Regards, Salvatore
