On 16 October 2014 12:20, Burton, Ross <ross.burton at intel.com> wrote: > Does this CVE also apply > to readline 5.2 that we ship as a non-GPLv3 alternative? Answering my own question, whilst the CVE report says it affects 5.3, the vulnerable function isn't in 5.2. Ross