I received confirmation that they received the results and were taking a look at them.
For the disclosure policy, as this is not precisely a "security vulnerability" but rather reports from a scanner, where we did not find anything problematic, and mariadb upstream already does coverity scanning of their repository (https://scan.coverity.com/projects/mariadb) it is unclear whether this should be reported publicly after a certain time. From the last upstream coverity report (from the link above, dated what appears to be march 2023) there were also quite a few hits from the scanner, so it is likely that mariadb upstream deemed them to be false positives. I can always follow up on this to see if mariadb has a specific disclosure policy when it comes to scanner findings. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2122096 Title: [MIR] galera-4 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/galera-4/+bug/2122096/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
