https://bugzilla.redhat.com/show_bug.cgi?id=1801149
--- Comment #9 from Cedric Buissart 🐶 cbuissar@redhat.com --- Statement:
Red Hat Satellite 6 uses a vulnerable version of libquartz as a dependency for candlepin. However, the <job><descrition> entry is not used, and the vulnerability can not be triggered. An update may fix the code in the future.