John Helmert III wrote: > # John Helmert III <a...@gentoo.org> (2022-11-27) > # Unmaintained upstream, several unresolved public vulnerabilities, > # Removal in 30 days. Bug #882773. > www-servers/boa
This is bogus, please revert. Who are you to declare unmaintained? It's a simple program so maybe it simply needs no further change. Anyway, none of the three CVEs you list in #882773 are valid. CVE-2022-44117 is an empty claim with no detail at all. And as mgorny points out, boa does not have anything to do with SQL. CVE-2021-33558 and CVE-2017-9833 refer to issues in applications or appliances which use boa. They have nothing to do with boa itself. The named files do not exist in the boa package. Shouldn't this process work a lot better? Thanks //Peter