Hi, On 2022-04-08 20:23, Newell, Matthew wrote: > Are there currently any plans to resolve CVE-2018-20796 within the Debian > glibc package?
No. This is CVE is not considered as a vulnerability by upstream or Debian, so no fix exist for it and nobody is working on it. It's very unlikely to be fixed. > I am attempting to determine estimated remediation time (if any) to determine > how to handle this CVE within my organization. Please let me know if you need > any additional information. > > Related security tracker link: > https://security-tracker.debian.org/tracker/CVE-2018-20796 On that link you will see at the bottom the reason why it is not treated as a vulnerability. Regards Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://www.aurel32.net