On Thu, Apr 11, 2024 at 10:23:13PM +0200, Ola Lundqvist wrote: > Hi fellow LTS contributors > > I hope you do not mind me asking but there is one thing that I would > like to check. > > When I look at this CVE that was previously postponed: > https://security-tracker.debian.org/tracker/CVE-2019-12214 > > The information tells that the vulnerability my in fact not be in > freeimage at all. > For this I think "undetermined" tag is typically used instead of postponed. > Should I change? > I would recommend against changing it. *We* think that it may not be an issue in freeimage, but that is based on Hugo's speculation. I don't think "undetermined" is meant to be used in this case.
> I guess so, but since I'm not sure if it has any other implications I > want to check first. > > We will clearly not be able to fix it in any case because we do not > have enough information to tell what the problem was in the first > place. > > While I'm at it I'm removing postponed tag for a few CVEs now, because > they are postponed until patches are available and now patches are > available in fedora. > Regards, -Roberto -- Roberto C. Sánchez
