Greetings Eclipse TinyDTLS committers.
There is an open vulnerability report
registered against the project code. Note that the issue is currently marked confidential and so is only accessible by committers.
I need project committers to have a look at the report and determine if it correctly identifies a vulnerability. If yes, then you need to determine when the correct time is to assign a CVE and disclose the vulnerability. The Eclipse Foundation's practices regarding mitigation of vulnerabilities
is captured in the handbook.
Thanks for your attention in this matter.