Hello, On January 19, 2023 5:24:06 PM EST, Salvatore Bonaccorso <car...@debian.org> wrote: > A CVE description might only refer to a specific point in time's state > and might not be accurate. It needs first to be confirmed the issue > would be fixed in 0.22.0.
Oh, alright. I thought that since it listed a start and end version, the CVE was fixed past the end version. > What are the references confirming the CVE is fixed in 0.22.0? Can you > refer to them so we can re-check? None. I'm not familiar with the codebase or this CVE, just passing by and wondered about that start and end version listed in the description. Thanks, -- Ben Westover
signature.asc
Description: PGP signature
