On Wed, Feb 21, 2024 at 04:15:17PM +0100, Matthias Klumpp wrote:
> I'd read the "unaffected at 1.2.7" as version 1.2.7 and higher not
> having the bug... But then again, on another page it said that the
> respective patch only lowered the impact...
> I remember merging that patch, and it was a pretty good robustness
> improvement, we didn't talk about any use-after-free issue there
> though (so it's not obvious why this changes anything either).
>
> Let's see if we get a reply from the CVE reporter!

Sounds good. If there's no further information provided I'll mark the
entry as non actionable in the Debian security tracker and deassociate
it from https://security-tracker.debian.org/tracker/source-package/packagekit

Cheers,
Moritz