Hi Utkarsh On Wed, May 18, 2022 at 06:05:10AM +0530, Utkarsh Gupta wrote: > Hi Security team, > > On Wed, May 18, 2022 at 2:05 AM Ola Lundqvist <o...@inguza.com> wrote: > > If you think we should support the package I'll add it to > > dla-needed. From the description it looks like one can trigger > > a denial of service without being authenticated. That sounds > > pretty severe to me. > > I'll just go ahead and reserve an update for stretch then. Do you > think this is something that'd warrant a DSA, too? If not, I'll just > open -pu bugs and get 'em dome.
It won't warrant a DSA, but note that elog will be removed on the next buster and bullseye point releases: https://bugs.debian.org/1010196 https://bugs.debian.org/1010197 Regards, Salvatore
