1 |
John Helmert III wrote: |
2 |
> # John Helmert III <ajak@g.o> (2022-11-27) |
3 |
> # Unmaintained upstream, several unresolved public vulnerabilities, |
4 |
> # Removal in 30 days. Bug #882773. |
5 |
> www-servers/boa |
6 |
|
7 |
This is bogus, please revert. |
8 |
|
9 |
Who are you to declare unmaintained? It's a simple program so maybe |
10 |
it simply needs no further change. |
11 |
|
12 |
Anyway, none of the three CVEs you list in #882773 are valid. |
13 |
|
14 |
CVE-2022-44117 is an empty claim with no detail at all. And as mgorny |
15 |
points out, boa does not have anything to do with SQL. |
16 |
|
17 |
CVE-2021-33558 and CVE-2017-9833 refer to issues in applications or |
18 |
appliances which use boa. They have nothing to do with boa itself. |
19 |
The named files do not exist in the boa package. |
20 |
|
21 |
Shouldn't this process work a lot better? |
22 |
|
23 |
|
24 |
Thanks |
25 |
|
26 |
//Peter |