On Mon, Aug 23, 2021 at 08:18:42AM -0400, Michael Lazin wrote:
> I am new to this list and would like to get involved, but I am a relative
> beginner in programming. I understand from looking at this CVE that it is
> triggered by a particular type of API call, which is probably unlikely in
> the wild, unless prior recon has been done and there is already a threat
> actor inside. The threat is less than six. I work in security and I have
> seen many environments where threats this low are not patched.
>...

Debian has already issued a security advisory for this specific vulnerability for the libuv1 package (and sent to the wrong list):
https://www.debian.org/security/2021/dsa-4936

My bug report was about passenger having copies of libraries that might also be vulnerable to CVEs like for example this one.

> If I would
> have time and would want to volunteer help, can someone instruct me how to
> get started? Thank you in advance. I apologize if I am making noise on the
> list, I just signed up. I thought QA would be an easy way to get started
> in the Debian community. Thanks.

That's appreciated.

General information:
https://www.debian.org/intro/help

The debian-mentors mailing list would be a good starting point for helping other contributors with problems packaging and maintaining software in Debian.

> Michael Lazin
>...

cu
Adrian