Hi,
Just wondering if the vulnerabilities published at NVD on dnf5 are being worked on.
Hi,
Just wondering if the vulnerabilities published at NVD on dnf5 are being worked on.
It is reported since 2024-03-05 12:17:46 UTC
It appears that a possible fix was submitted. See the bug fix section of the report.
If that is correct I am not sure why the bug is still open.
Thanks Barry for forwarding this to devel: Barry’s mail was answered, it seems the CVE was already resolved in February.
→ DNF5 CVE-2024-1929 is it fixed? - devel - Fedora mailing-lists
I assume someone just forgot to close the ticket. If anyone has time to spare, feel free to post in the bug ticket a reference to the devel mailing list and remind that this should be verified and if true, the ticket should be closed to avoid confusions. If product security wants to keep the ticket open for some other reason, it might be useful to at least add a comment that confirms it was fixed.
Forget this. Jan already posted. Let’s see what is to come. But I expect this issue is already solved.