Control: tag -1 - moreinfo

On Sat, Nov 23, 2019 at 06:45:27PM +0100, Julien Cristau wrote:
> Control: tag -1 moreinfo
>
> On Sat, Nov 16, 2019 at 05:36:13PM +0100, Mattia Rizzolo wrote:
> > Limnoria is affected by a security issue the security team deemed not
> > DSA-worthy.  See https://security-tracker.debian.org/tracker/CVE-2019-19010
> >
> What's the test coverage like for this code, and what's the regression
> risk?

limnoria's whole code (including this plugin) is completely covered by a
comprehensive test suite.  And even if there was a regression it would
be limited to this single plugin, not affecting the regular operation of
the rest of the program.

For this plugin, the tests check all the operations:
https://sources.debian.org/src/limnoria/2019.11.09-2/plugins/Math/test.py/

As a test for this particular bug, since this was a bad eval(), now that
there is no eval() anymore that suffices as a test.

-- 
regards,
                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540       .''`.
More about me: https://mapreri.org                             : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-