Replies: 3 comments
-
Hi @noren95. I converted your issue to a GitHub discussion as it seems more appropriate (this could also be a Slack message). Tagging @dpgaspar who's responsible for managing the CVEs. |
Beta Was this translation helpful? Give feedback.
-
@noren95 I'm clarifying this issue with ASF. CVE-2023-46104 is the candidate one for rejection. I'll keep this discussion up to date as we get more info. |
Beta Was this translation helpful? Give feedback.
-
ok rejecting the CVE may cause even further confusion, since there are references to it. I do think the description on CVE-2024-23952 is clear enough. |
Beta Was this translation helpful? Give feedback.
-
Hi,
CVE-2024-23952 was published recently, while this is the same issue as CVE-2023-46104 that was published two months ago. The only difference is the version range correction.
There is no purpose to remain with two CVEs here since it raises too much confusion among users.
Is there a plan to reject one of them? and which of them?
Thanks in advance.
See duplication here:
https://www.cve.org/CVERecord?id=CVE-2023-46104
https://www.cve.org/CVERecord?id=CVE-2024-23952
https://seclists.org/oss-sec/2024/q1/132
Beta Was this translation helpful? Give feedback.
All reactions