Control: severity -1 normal
On 20.11.24 06:28, Ajin Deepak wrote:
> Found a memory leak in the latest version of dcraw.
Did you already apply for a CVE number?
> Impact: Memory leaks can create vulnerabilities. Attackers might exploit them to degrade service (denial of service attacks) or infer information about memory layouts, aiding other exploits. These also affect the previous versions too.
This is ridiculous! dcraw is a CLI tool. What kind of service do you want to degrade? What kind of information can be leaked and in which way? In the past similar bugs have been rated as "unimportant" or "minor" by the Debian Security Team. What evidence do you have that this bug is different?
Setting severity to normal again.

Thorsten