Hi Moritz If you read the mail chain you can see that I have alread analyzed the two CVEs. So it is already done.
Is it so that you think we should reanalyze entries from 2009 as well, or? / Ola Sent from a phone Den tors 5 juli 2018 17:28Moritz Muehlenhoff <j...@inutil.org> skrev: > B0;115;0cOn Thu, Jul 05, 2018 at 05:24:22PM +0200, Ola Lundqvist wrote: > > Hi Sebastian > > > > With this reasoning we cannot assume that a later release include fixes > for > > earlier releases for any package. Jetty seems to be actively and sanely > > maintained so I think the risk you point out is very low. > > But you are right, this could be the case for a badly maintained package. > > It's all open source, I suggest you simply look at the packages instead > of making assumptions. > > Cheers, > Moritz >
