Hi again

Today I looked at the freeimage package that we have in dla-needed.
My conclusion is that we have 19 CVEs postponed with motivation "revisit
when fixed upstream" and 23 CVEs that are in bullseye declared as no-dsa
with the same motivation.

Since we have this postpone decision for the 19 CVEs we should declare the
rest as postponed as well. This means that the package should go away from
dla-needed after such an operation.

Or am I reasoning in the wrong way?

In fact I think all the ones with local DoS class should be declared "low"
severity.

If I do not hear anything about this I will change this in the way I
describe above.

Cheers

// Ola

-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
|  [email protected]                    [email protected]            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
 ---------------------------------------------------------------
