[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: bsdiff package vulnerable to CVE-2020-14315
From: |
Mark H Weaver |
Subject: |
Re: bsdiff package vulnerable to CVE-2020-14315 |
Date: |
Sun, 14 Mar 2021 17:31:00 -0400 |
Léo Le Bouter <lle-bout@zaclys.net> writes:
> On Wed, 2021-03-10 at 12:32 -0500, Leo Famulari wrote:
>> Well, we could also just remove this package. It sounds like it is
>> not
>> supported on Linux. Does it offer some unique functionality?
>
> I would advocate for removal of the package, or at least warning about
> absence of security patches for security issues at install/show time.
For the record, Léo removed this package in commit
373c7b5791acd8f377455be47260948b843dd5db on the 'master' branch.
Mark