Hi Roberto,
> The second point, to me anyways, significantly reduces the severity of
> the vulnerability. That, paired with the infeasibility of implementing
> upstream's fix, led me to the above recommendation of <no-dsa> for this
> vulnerability.
Thank you for your careful and detailed analysis of the situation. I
would agree with your conclusion. I would only add that it is a shame
that this issue was known for many years.
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` [email protected] 🍥 chris-lamb.co.uk
`-
