Hi Chris Today I looked at CVE-2020-36193 since we have php-pear in dla-needed. Ths thing is that this CVE tells that drupal7 is also vulnerable but drupal7 is not in dla-needed.txt.
Is there any specific reason for this? I guess there is, like drupal7 impact was realized later, or lack of time for triaging or something else. Or should I add drupal7 as well? I decided to ask instead of spending a lot of time trying to figure this out from git history. Cheers // Ola -- --- Inguza Technology AB --- MSc in Information Technology ---- | o...@inguza.com o...@debian.org | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | ---------------------------------------------------------------
