Dave Love wrote:
> I ask because three CVEs have triggered automated bug reports against
> libxsmm <https://apps.fedoraproject.org/packages/libxsmm/bugs>. I don't
> understand why the CVEs were issued, since a problem with unrealistic
> input to a (rather rarely used) development tool doesn't strike me as a
> security problem.
libxsmm is NOT a "development tool", it is a library that ends up linked
into scientific applications. Those applications may very well encounter
untrusted input, especially here where we are talking about importing
external files! So those security issues absolutely MUST be fixed!
Kevin Kofler
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
