Dave Love wrote: > I ask because three CVEs have triggered automated bug reports against > libxsmm <https://apps.fedoraproject.org/packages/libxsmm/bugs>. I don't > understand why the CVEs were issued, since a problem with unrealistic > input to a (rather rarely used) development tool doesn't strike me as a > security problem. libxsmm is NOT a "development tool", it is a library that ends up linked into scientific applications. Those applications may very well encounter untrusted input, especially here where we are talking about importing external files! So those security issues absolutely MUST be fixed! Kevin Kofler _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
