Re: gitea: Remove TODO as the CVEs are fixed in the update

To: Antonio Huete Jimenez <tuxillo%quantumachine.net@localhost>
Subject: Re: gitea: Remove TODO as the CVEs are fixed in the update
From: Leonardo Taccari <leot%NetBSD.org@localhost>
Date: Tue, 13 Nov 2018 09:15:41 +0100

Hello Antonio,

Antonio Huete Jimenez writes:
> [...]
> Log Message:
> gitea: Remove TODO as the CVEs are fixed in the update
> [...]
> --- a/gitea/TODO
> +++ /dev/null
> @@ -1,2 +0,0 @@
> -This package has known vulnerabilities, please investigate and fix if possible:
> -  CVE-2018-15192, CVE-2018-18926

Thanks for updating it!

CVE-2018-18926 - despite the description of the CVE - seems fixed in
1.5.3 so it's okay to delete it (upstream issue #5140 and upstream pull
request #5177).
However, CVE-2018-15192 seems still not fixed (upstream issue #4624).
Am I missing something or should the part about CVE-2018-15192 put
back so that users are informed about it?

Thank you!

Follow-Ups:
- Re: gitea: Remove TODO as the CVEs are fixed in the update
  - From: Antonio Huete Jiménez

References:
- gitea: Remove TODO as the CVEs are fixed in the update
  - From: Antonio Huete Jimenez

Prev by Date: py-pysam: Python module for reading, manipulating and writing genomic data
Next by Date: bcftools: Use biology/htslib instead of wip/htslib
Previous by Thread: gitea: Remove TODO as the CVEs are fixed in the update
Next by Thread: Re: gitea: Remove TODO as the CVEs are fixed in the update
Indexes:

Home | Main Index | Thread Index | Old Index