Im just going to state this and let yall figure it out. Security Exploits / CVE?
Look no matter what OS, or SOFTWARE you run on your electronics hardware. At the end of the day, Electronics has a fatal flaw. And cannot be secured. That flaw has been known about since Electronics was invented / discovered. And any notion of " Security " of electronics, or software operating on electronics. Is a delusional thought. On Sun, Mar 10, 2024 at 9:59 AM Salvatore Bonaccorso <car...@debian.org> wrote: > Hi, > > On Fri, Mar 01, 2024 at 09:11:34AM +0100, Richard van den Berg wrote: > > Dear security team, > > > > May I ask why CVE-2023-41105 was marked as "<no-dsa> (Minor issue)"[1] ? > > > > As the CVE description says there are plausible cases where this can > lead to > > security issues. > > > > There is a backport available for python 3.11 and it seems most other > > distros have patched this CVE. > > The current open issues for python3.11 in bookworm do not warrant a > DSA on it's own, but that does not mean that they cannot be fixed > (though someone needs to step up and do the work). > > The current three open CVEs CVE-2023-24329, CVE-2023-40217 and > CVE-2023-41105 could be batched together and fixed in a point release > (there is one upcoming on 2024-04-06, whith the window for uploads > closing the preceeding weekend). > > Regards, > Salvatore > >