
Debian Security Tracker - `no-dsa` Clarification



Hello!

My name is Hadas, and I'm in the Snyk Security Group. I was in contact with you a while back regarding the `no-dsa` field and its different tags.

I just want to further confirm if our understanding of the usage of the various terms (`no-dsa`, `ignored`, `postponed`, "Minor issue") is correct:

1. From this documentation it seems that "Minor issue" should not be used for drawing conclusions on the severity of the vulnerability, but from this documentation it does seem like the severity might mean "minor" in these cases. Could you please clarify that?

2. In our previous conversation there was a suggestion only to use the `ignored` and `postponed` tags to understand the priority of the vulnerability.
I do see that there are certain vulnerabilities, for example CVE-2022-45198 in Buster, that are only marked with "Minor issue" in the `no-dsa` field, and don't have either of the `ignored` or `postponed` tags. Could you please help us understand what we should do in such cases? What does the "Minor issue" suggest here?


Thank you for the help,
Hadas

--


Hadas Bloom

Senior Security Analyst | Snyk

hadas.bloom@snyk.io

Snyk Israel Ltd: 515326122
Corporate Office:
156 Menachem Begin, Tel Aviv, Israel



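To make the distinction the question turns on concrete, here is an added example (not part of the original message, and not code from the Debian Security Tracker project) that parses release annotations in the format used by the tracker's data/CVE/list file and buckets them by tag. It assumes the line shape `[release] - package <tag> (reason)` with a version string in place of a tag when the release is fixed; the sample records are constructed to mirror the cases the email describes (the two CVE-0000-* entries are placeholders, and the package name and descriptions are illustrative).

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Assumed format (modeled on the tracker's data/CVE/list): a header line
# "CVE-YYYY-NNNN (description)", followed by indented lines. "- pkg version"
# describes the fix in unstable; "[release] - pkg <tag> (reason)" or
# "[release] - pkg version" describes each stable release.
HEADER = re.compile(r"^(?P<cve>CVE-\d{4}-\d{4,})\b")
RELEASE_LINE = re.compile(
    r"^\s+\[(?P<release>[\w-]+)\]\s+-\s+(?P<package>\S+)"
    r"(?:\s+<(?P<tag>[\w-]+)>)?"          # <no-dsa>, <ignored>, <postponed>, ...
    r"(?:\s+(?P<version>[\w.:+~-]+))?"    # ... or a fixed version instead of a tag
    r"(?:\s+\((?P<reason>[^)]*)\))?\s*$"  # optional free-text reason
)

# Constructed sample: CVE-2022-45198 is the one cited in the email; the
# CVE-0000-* entries are placeholders invented for this example.
SAMPLE = """\
CVE-2022-45198 (description elided)
\t- pillow 9.2.0-1
\t[bullseye] - pillow <no-dsa> (Minor issue)
\t[buster] - pillow <no-dsa> (Minor issue)
CVE-0000-0001 (constructed entry)
\t- examplepkg 2.0-1
\t[bullseye] - examplepkg <postponed> (Minor issue, revisit when fixed upstream)
\t[buster] - examplepkg 1.0-1+deb10u1
CVE-0000-0002 (constructed entry)
\t- examplepkg 2.0-1
\t[buster] - examplepkg <ignored> (Minor issue, intrusive to backport)
"""


@dataclass
class ReleaseStatus:
    release: str
    package: str
    tag: Optional[str]       # no-dsa / ignored / postponed / ...; None if fixed
    version: Optional[str]   # fixed version when no tag is present
    reason: Optional[str]    # text inside the parentheses, if any


@dataclass
class CveRecord:
    cve: str
    releases: Dict[str, ReleaseStatus] = field(default_factory=dict)


def parse_cve_list(text: str) -> Dict[str, CveRecord]:
    """Parse the list format into {cve_id: CveRecord}; unknown lines are skipped."""
    records: Dict[str, CveRecord] = {}
    current: Optional[CveRecord] = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = CveRecord(m.group("cve"))
            records[current.cve] = current
            continue
        if current is None:
            continue
        m = RELEASE_LINE.match(line)
        if m:
            status = ReleaseStatus(m.group("release"), m.group("package"),
                                   m.group("tag"), m.group("version"), m.group("reason"))
            current.releases[status.release] = status
    return records


PRIORITY_TAGS = {"ignored", "postponed"}


def classify(status: ReleaseStatus) -> str:
    """Bucket one release annotation the way the email frames the question:
    ignored/postponed carry a priority; a bare no-dsa whose only reason is
    "Minor issue" is reported separately because it carries neither."""
    if status.tag is None:
        return "fixed" if status.version else "unknown"
    if status.tag in PRIORITY_TAGS:
        return status.tag
    if status.tag == "no-dsa":
        if status.reason and status.reason.strip().lower() == "minor issue":
            return "no-dsa-minor-issue-only"
        return "no-dsa"
    return status.tag


def minor_issue_only(records: Dict[str, CveRecord], release: str) -> List[str]:
    """CVEs whose annotation for `release` is no-dsa with only "Minor issue"."""
    return sorted(cve for cve, rec in records.items()
                  if release in rec.releases
                  and classify(rec.releases[release]) == "no-dsa-minor-issue-only")


if __name__ == "__main__":
    recs = parse_cve_list(SAMPLE)
    for cve, rec in recs.items():
        for rel, st in rec.releases.items():
            print(f"{cve} [{rel}] {st.package}: {classify(st)} ({st.reason})")
    print("buster, no-dsa with only 'Minor issue':", minor_issue_only(recs, "buster"))
```

Run against a real data/CVE/list checkout, `minor_issue_only(records, "buster")` lists exactly the entries the email asks about: those where the tracker says `no-dsa` with "Minor issue" and nothing else, so a consumer has no `ignored` or `postponed` tag to read a priority from.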