Hi I have a question about CVE-2017-8364 for rzip. I can see that this was marked as no-dsa (Minor Issue) for jessie and would like to know what the reasoning is behind this.
I'm asking as the Debian bug report #861614 is marked as grave with motivation that it could be a write overflow as well but that it has not been investigated further. Do this no-dsa mean that this has actually been investigated further and that bug #861614 should be marked as important instead? I'm asking as I need to classify this for Debian LTS as well and so far I'm not 100% convinced that the no-dsa for jessie is correct. Best regards // Ola -- --- Inguza Technology AB --- MSc in Information Technology ---- / o...@inguza.com Folkebogatan 26 \ | o...@debian.org 654 68 KARLSTAD | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---------------------------------------------------------------
