Hi,
On Sat, 2 May, 2020, 3:28 AM Ola Lundqvist, wrote:
> Added the package to DLA needed.
>
Unless there's a CVE assigned for this, should I really be fixing it and
announcing the update?
Best,
Utkarsh
>
Hi Utkarsh et al.,
> Unless there's a CVE assigned for this, should I really be fixing it
> and announcing the update?
This might be conflating cause and effect. Let me ask a question in
return - did you consider applying for a CVE? If we cannot justify
applying for one on grounds of severity th
Hi Utkarsh,
I will first your mail in full with the Git SHAs expanded to URIs of
the diffs themselves:
> The general dependency updates including some with security
> implications: https://github.com/apache/tika/commit/171f4343.diff
>
> The fixes for the security items identified in that CVE
> h
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
April was my 26th month as a Debian LTS paid contributor.I was
assigned 14 hours. I was only able to spent 10 hours.
* apache-log4j2: Backporting CVE-2020-9488 needs backporting couple of
java classes from upstream and is intrusive. Another fas
