ajakk
Why not open a PR with the fix?
> This issue got assigned CVE-2021-3575. @msabwat would be worthy if you can add this CVE ID to your commit message. Did you request it? Still seems reserved, so should...
The TALOS advisory says "vendor disclosure" happened on 2020-12-21. Out of curiosity, did that not happen?
That doesn't necessarily mean the CVE is invalid, just that the description is wrong. That said, did anyone tell MITRE?
Ok, I'll just assume something is wrong for me locally.
This seems to also be happening here: https://qa-reports.gentoo.org/output/maintainer-needed.html Which is generated by: https://gitweb.gentoo.org/proj/qa-scripts.git/tree/maintainer-needed.sh
Looks good to me after running for several days! Strangely, the deterministic ordering isn't quite sorted: ``` diff --git a/mervin.conf b/mervin.conf index 0056a38..6d8b7c2 100644 --- a/mervin.conf +++ b/mervin.conf @@ -109,9...
Nobody should be using `sync-uri = https://github.com/gentoo/gentoo.git`. Instead point `sync-uri` at https://github.com/gentoo-mirror/gentoo, which contains the metadata cache.
This doesn't appear to be the upstream repo for xpdf. Why did you fuzz it? This repo's last commit was in 2014 at xpdf-3.04, while xpdf has received many updates...
I'm hitting the aforementioned kaniko issue. Is anything blocking this? Is testing needed?