CVE ID missed in DLA, squid3

To: Debian LTS <debian-lts@lists.debian.org>
Subject: CVE ID missed in DLA, squid3
From: Abhijith PA <abhijith@disroot.org>
Date: Sat, 10 Nov 2018 18:08:38 +0530
Message-id: <[🔎] 4d181c31-4a1e-978d-8439-323fecd2c02a@disroot.org>

Hello.


What we should do when we miss to specify a CVE ID in a DLA/DSA ? Can we
just normally insert in next advisory release.? For eg: DLA-478-1[1]
released for squid3 on 16 May 2016 missed to mention 'CVE-2016-3948'.


--abhijith

[1] - https://lists.debian.org/debian-lts-announce/2016/05/msg00028.html

Reply to:

Follow-Ups:
- Re: CVE ID missed in DLA, squid3
  - From: Holger Levsen <holger@layer-acht.org>
- Re: CVE ID missed in DLA, squid3
  - From: Markus Koschany <apo@debian.org>

Prev by Date: My Debian LTS activities in October 2018
Next by Date: Re: CVE ID missed in DLA, squid3
Previous by thread: My Debian LTS activities in October 2018
Next by thread: Re: CVE ID missed in DLA, squid3
Index(es):
- Date
- Thread