Hi Salvatore, Le mercredi 30 mars 2022 à 20:59 +0200, Salvatore Bonaccorso a écrit : > Whee does this information come from that this issue is fixed in > 1.5.22 upstream?
It’s what upstream changelog for 1.5.22 says: https://salsa.debian.org/science-team/libmatio/-/blob/master/NEWS#L6 > The OSV-2020-799.yaml cannot be taken into account because it was > marked as such as consequence of > https://github.com/google/oss-fuzz-vulns/issues/12 as far i can see. > Actually it looks that tbeu considers it invalid issue? If this turned > not to be true, what is the fix? If upstream is wrong, then I have no idea what would be the fix. Best wishes, -- ⢀⣴⠾⠻⢶⣦⠀ Sébastien Villemot ⣾⠁⢠⠒⠀⣿⡁ Debian Developer ⢿⡄⠘⠷⠚⠋⠀ https://sebastien.villemot.name ⠈⠳⣄⠀⠀⠀⠀ https://www.debian.org
signature.asc
Description: This is a digitally signed message part
