Christian Queen

Thanks for the explanation @alperb. Would it be possible to mark the CVE's disputed? Seems like @richardgirges didn't agree on the severity at least. If the CVEs stay as written,...

Yes, I agree with you. The "exposure" in this package is probably the passing through of potentially dangerous metadata. Unless @harunoz clarifies his findings or @richardgirges disputes the CVE, this...

I have never done it personally, but I found this document: https://www.cve.org/Resources/General/Policies/CVE-Record-Dispute-Policy.pdf