Re: Release 1.2.1: zstd 1.4.4 -> 1.4.9: grafting or core-updates?
From: Leo Famulari
Subject: Re: Release 1.2.1: zstd 1.4.4 -> 1.4.9: grafting or core-updates?
Date: Tue, 16 Mar 2021 13:48:53 -0400
On Tue, Mar 16, 2021 at 06:06:28PM +0100, Léo Le Bouter wrote:
> The CVE-2021-24032 is Base Score: 9.1 CRITICAL - which is exceptionally
> high so fixing it is an absolute necessity in any branch.
This is off-topic, but I think that CVE scoring is not really that
useful. This bug is a local TOCTOU race which is bad but hardly
critical, IMO. For something to be critical, it should enable remote
execution of arbitrary code.