Hi David, On Thu, Feb 13, 2025 at 04:00:44PM +0100, David Prevot wrote: > Control: severity -1 important > > Hi, > > On 2024-12-26 09:15, Salvatore Bonaccorso wrote: > > Source: percona-toolkit > […] > > CVE-2024-7701[0]: > > | Use of Password Hash With Insufficient Computational Effort > > | vulnerability in percona percona-toolkit allows Encryption Brute > > | Forcing.This issue affects percona-toolkit: 3.6.0. > […] > > [1] https://github.com/percona/percona-toolkit/pull/896 > > Looks like the affected code is exclusively part of the Go source > (inside /src/go) that is not built, nor distributed with the binary > package, hence lowering the severity. > > On the other hand, the package has not been updated in years within > Debian, and maybe the Go part could be interesting, but these are two > unrelated issues that should be filed separately.
Thanks for this update and lowering the severity! Regards, Salvatore
