[Secure-testing-commits] r11262 - data/CVE
Steffen Joeris
steffen.joeris at skolelinux.de
Wed Feb 25 07:25:13 UTC 2009
Hi Michael
> Modified:
> data/CVE/list
> Log:
> set imlib2 severity to high since problem has unknown impact and a high nvd
> severity
You shouldn't trust the severity levels of all the various securiy webpages.
We need to verify this by ourselves. Also I contacted upstream about the
imlib issue and he said he's not actively tracking security issues, but
fixing them when they arrive. So someone needs to go through the upstream VCS
to check for security issues and then access them.
By the way, if you are not sure about the severity, then just leave it open. I
do that a lot of times, especially with these vague descriptions.
Please adjust the imlib2 severity (or as said remove it :) ).
Cheers
Steffen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20090225/fa67990d/attachment.pgp
More information about the Secure-testing-commits
mailing list