Bug#1036467: virtuoso-opensource: CVE-2023-31607 CVE-2023-31608 CVE-2023-31609 CVE-2023-31610 CVE-2023-31611 CVE-2023-31612 CVE-2023-31613 CVE-2023-31614 CVE-2023-31615 CVE-2023-31616 CVE-2023-31617 CVE-2023-31618 CVE-2023-31619 CVE-2023-31620 CVE-2023-31621 CVE-2023-31622 CVE-2023-31623 CVE-2023-31624 CVE-2023-31625 CVE-2023-31626 CVE-2023-31627 CVE-2023-31628 CVE-2023-31629 CVE-2023-31630 CVE-2023-31631

Salvatore Bonaccorso carnil at debian.org
Thu Mar 14 20:08:50 GMT 2024


Hi Andreas,

On Thu, Mar 14, 2024 at 03:22:58PM +0100, Andreas Beckmann wrote:
> Control: severity -1 important
> On Sun, 21 May 2023 20:43:40 +0200 Salvatore Bonaccorso <carnil at debian.org>
> wrote:
> > Source: virtuoso-opensource
> > Version: 7.2.5.1+dfsg1-0.3
> > Severity: grave
> 
> Downgrading the severity since all CVEs are marked as no-dsa (minor issue).

This is actually orthogonal. We might indicate with an RC severity that
we think the next stable release should not ship with these issues
unfixed. And in fact the package was not in testing.

Lowering the severity makes it actually re-enter testing next (well
actually once it is possible I guess as the migration is yet blocked).

Please reconsider the lowering of the severity with that information
(but I will not be setting it back myself but rather open it for
discussion with the above and maybe maintainers will comment as well).

Regards,
Salvatore


