Hi Do we have a fix that solve the problem? If we do we can simply upload a new version with the fix and describe it accordingly. If it is fixed in some cases it may be considered fixed.
I have not checked the details about this specific problem. // Ola On 2 April 2018 at 10:22, Brian May <b...@debian.org> wrote: > Ola Lundqvist <o...@inguza.com> writes: > > > We can simply send a DLA-1283-2 telling that it was not fixed. > > Do we all agree that this is not fixed? It really depends on the user's > of this library and how they use it. > > Lets assume we agree it isn't fixed. > > I cannot think how to word this advisory. I don't think we have any > advisory yet that completely reverses an existing advisory. Maybe > somethin glike "DLA1283-1 indicated that we have a solution for > CVE-2018-6594, but this has been disputed by the researchers who found > the problem who claim the problem is not fixed."? > > Also we would somehow have to update the security tracker to reflect > that the issue is not actually fixed. > -- > Brian May <b...@debian.org> > -- --- Inguza Technology AB --- MSc in Information Technology ---- / o...@inguza.com Folkebogatan 26 \ | o...@debian.org 654 68 KARLSTAD | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---------------------------------------------------------------