Thanks @alexmurray for your helpful comments. We would be glad if you could clarify some things:
1. Regarding the numbers of affected systems - we wouldn't want to overestimate the numbers, of course. The numbers that appear in the blog post are rough estimates done by us, based on the numbers of Ubuntu users, etc. If you have better numbers or estimates (including for the other products (Greengrass, MicroK8s, etc.) too), that would be great and we would like to replace our estimates with them.
2. Speaking of AWS Greengrass, we contacted AWS too before publishing the blog post. They insist that only the v1 package, which is deprecated, is affected, and that Greengrass v2 is not vulnerable to this CVE. Is that true?
Thanks.