Control: severity -1 important Hi,
On 2024-12-26 09:15, Salvatore Bonaccorso wrote: > Source: percona-toolkit […] > CVE-2024-7701[0]: > | Use of Password Hash With Insufficient Computational Effort > | vulnerability in percona percona-toolkit allows Encryption Brute > | Forcing.This issue affects percona-toolkit: 3.6.0. […] > [1] https://github.com/percona/percona-toolkit/pull/896 Looks like the affected code is exclusively part of the Go source (inside /src/go) that is not built, nor distributed with the binary package, hence lowering the severity. On the other hand, the package has not been updated in years within Debian, and maybe the Go part could be interesting, but these are two unrelated issues that should be filed separately. Regards, -- David Prévot Marseille (37 rue Guibal, Pôle Média, 13003) / Paris / Montréal http://evolix.com | mastodon.evolix.org/@evolix | http://blog.evolix.com
