Bug#1014166: Is this still accurate?
Hello, On January 19, 2023 5:24:06 PM EST, Salvatore Bonaccorso wrote: > A CVE description might only refer to a specific point in time's state > and might not be accurate. It needs first to be confirmed the issue > would be fixed in 0.22.0. Oh, alright. I thought that since it listed a start and end version, the CVE was fixed past the end version. > What are the references confirming the CVE is fixed in 0.22.0? Can you > refer to them so we can re-check? None. I'm not familiar with the codebase or this CVE, just passing by and wondered about that start and end version listed in the description. Thanks, -- Ben Westover signature.asc Description: PGP signature
Bug#1014166: Is this still accurate?
Hi, On Thu, Jan 19, 2023 at 04:56:44PM -0500, Ben Westover wrote: > Hello, > > The CVE description states that versions 0.12.0 - 0.21.1 are vulnerable, but > this package is currently version 22.0. Can this bug be closed? A CVE description might only refer to a specific point in time's state and might not be accurate. It needs first to be confirmed the issue would be fixed in 0.22.0. What are the references confirming the CVE is fixed in 0.22.0? Can you refer to them so we can re-check? Regards, Salvatore
Bug#1014166: Is this still accurate?
Hello, The CVE description states that versions 0.12.0 - 0.21.1 are vulnerable, but this package is currently version 22.0. Can this bug be closed? Thanks, -- Ben Westover OpenPGP_signature Description: OpenPGP digital signature