[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Tue, 12 Oct 2021 15:07:55 -0400 (EDT)
----- Original Message -----
| From: "BRUNO VERNAY" <firstname.lastname@example.org>
| To: "Ncurses Mailing List" <email@example.com>
| Sent: Tuesday, October 12, 2021 8:56:02 AM
| Subject: CVE-2021-39537
| There is a new CVE-2021-39537 :
That says 20210823 (one can only guess why it was delayed more than a year).
| referencing this more than one year old thread:
| I did not find any mention of this CVE in the mailing list and reading the
| messages it sounds like a false-positive.
One of the packagers asked about this last week -
(I did the bisect for him, since I've been working for the past few weeks
anyway to prepare for 6.3)
| Yet all versions up to (including) 6.2.1 are flagged with a CVSS 8.8.
well..., there's no such thing as "6.2.1" on this list.
(the severity's no more reliable than the analysis which led to the report)
Thomas E. Dickey <firstname.lastname@example.org>