Hi,

Basically Hanno Boeck reported a serious bug in "libraptor", an RDF reader used by LibreOffice 3 years ago.... It did not get a CVE, and so was not picked up by Linux Distributions.

He actually got one some weeks ago, predisclosed the issue, and then wrote this article about this experience. Basically that without CVEs things are not getting fixed...

(He also dissed openSUSE as we were not yet out with the fix at the time of the article.)

Ciao, Marcus

On Fri, Nov 27, 2020 at 08:02:02AM +0100, Mark Stopka wrote:
It's in German and behind something that seems to be a pay-wall, anybody could do a simple Google Translate for us non-German speakers?

--
Best regards / S pozdravem,
BSc. Mark Stopka, BBA
mobile: +420 704 373 561
On Mon, Nov 23, 2020 at 6:04 PM Marcus Meissner <meissner@suse.de> wrote:
On Fri, Nov 13, 2020 at 04:54:41PM +0100, Stakanov wrote:
Read the article on Golem.de:
Hmmmm, we got "bad press" (German language) about a security issue. (link above).
I only now got back mod/admin rights to this list.
We meanwhile have released raptor updates.
If something does not have a CVE, it is quite hard for anyone to track, so if there are security issues, CVE assignment should be pursued so everyone can handle it :/
Ciao, Marcus