[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: gitea: Remove TODO as the CVEs are fixed in the update
Yeah, you are right. We should put back CVE-2018-15192 into the TODO
file. It's not fixed.
Sorry, I should've checked better.
Leonardo Taccari <leot%netbsd.org@localhost> escribió:
Antonio Huete Jimenez writes:
gitea: Remove TODO as the CVEs are fixed in the update
@@ -1,2 +0,0 @@
-This package has known vulnerabilities, please investigate and fix
- CVE-2018-15192, CVE-2018-18926
Thanks for updating it!
CVE-2018-18926 - despite the description of the CVE - seems fixed in
1.5.3 so it's okay to delete it (upstream issue #5140 and upstream pull
However, CVE-2018-15192 seems still not fixed (upstream issue #4624).
Am I missing something or should the part about CVE-2018-15192 put
back so that users are informed about it?
Main Index |
Thread Index |