I think this sounds like a good plan.

Sent from a phone

Den fre 6 apr 2018 11:06Brian May <b...@debian.org> skrev:

> Ola Lundqvist <o...@inguza.com> writes:
>
> > This is what I think we should do.
> >
> > 1) Send a new DLA telling that the fix is only partial and not complete
> and
> > in addtion that elgamal encryption is not supported by the library and
> > should not be used.
> >
> > 2) Mark the CVE as no-dsa/ignored in the security database.
>
> If so, do we update the DLA 1283-1 to remove the fixed status? I assume
> we just have to update the entry in security-tracker/data/DLA/list?
>
> In any case, it seems like a good plan. Unless there are any objections,
> I will do this next Monday.
> --
> Brian May <b...@debian.org>
>

Reply via email to