On Fri, 14 Feb 2020 at 00:11:00 +0100, security minded wrote:
The CVE IDs for the individual vulnerable components are enough to
describe the vulnerability You don't need new CVE IDs to describe the
fact that the installer installs vulnerable components
Linux distribution packages are like installers, if you think about
it - and when a securit ...