* Re: [gentoo-dev] Last rites: www-servers/boa
@ 2022-11-28 7:45 99% ` Peter Stuge
0 siblings, 0 replies; 1+ results
From: Peter Stuge @ 2022-11-28 7:45 UTC (permalink / raw
To: gentoo-dev
John Helmert III wrote:
> # John Helmert III <ajak@gentoo.org> (2022-11-27)
> # Unmaintained upstream, several unresolved public vulnerabilities,
> # Removal in 30 days. Bug #882773.
> www-servers/boa
This is bogus, please revert.
Who are you to declare unmaintained? It's a simple program so maybe
it simply needs no further change.
Anyway, none of the three CVEs you list in #882773 are valid.
CVE-2022-44117 is an empty claim with no detail at all. And as mgorny
points out, boa does not have anything to do with SQL.
CVE-2021-33558 and CVE-2017-9833 refer to issues in applications or
appliances which use boa. They have nothing to do with boa itself.
The named files do not exist in the boa package.
Shouldn't this process work a lot better?
Thanks
//Peter
^ permalink raw reply [relevance 99%]
Results 1-1 of 1 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2022-11-28 4:53 [gentoo-dev] Last rites: www-servers/boa John Helmert III
2022-11-28 7:45 99% ` Peter Stuge
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox