On Tue, Mar 16, 2021 at 06:06:28PM +0100, Léo Le Bouter wrote: > The CVE-2021-24032 is Base Score: 9.1 CRITICAL - which is exceptionally > high so fixing it is an absolute necessity in any branch.
This is off-topic, but I think that CVE scoring is not really that useful. This bug is a local TOCTOU race which is bad but hardly critical, IMO. For something to be critical, it should enable remote execution of arbitrary code.
signature.asc
Description: PGP signature
