Hi fellow LTS and extended LTS development teams I have looked a little into CVE-2019-16935. My conclusion is that the package is vulnerable but I could not really judge its severity. I have a question though. If we find that we should correct it, shouldn't we correct also jython and pypy-lib in that case?
The problem is in DocXMLRPCServer.py and that file exist also in the other two packages. Or should we assume there will be a different CVE for those packages? https://packages.debian.org/search?searchon=contents&keywords=DocXMLRPCServer.py&mode=exactfilename&suite=oldstable&arch=any Best regards // Ola -- --- Inguza Technology AB --- MSc in Information Technology ---- | [email protected] [email protected] | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | ---------------------------------------------------------------
