Bug#994897: security-tracker: turning text URL to link includes extraneous character
I should have finalized to reply on the bug in full first, apologies
you now get two mails!
On Sat, Dec 11, 2021 at 08:36:11AM +0100, Salvatore Bonaccorso wrote:
> The underlying bug might still be fixed at some point, there was a
> similar issue in past for the NOTE part as well, which if I remember
> correctly got fixed.
Picking the explicit mentioned list, I would still see it usefull if
the parsing is correct, but it's really a minor issue in the ned:
CVE-2017-0381
> [jessie] - opus <ignored> (Minor issue, https://bugs.debian.org/851612#10)
Would still be usefull if that works when displaying, because the
reference hilights more detailed why the issue was ignored for the
specific suite.
CVE-2018-16869
> [jessie] - nettle <no-dsa> (Minor issue - https://lists.debian.org/debian-lts/2019/03/msg00021.html)
Same as above, the reference gives an additional information why in
LTS context for jessie the issue can be considered minor, but not
necessary as a general note for the CVE. Borderline, a NOTE could also
have worked for this case I guess.
CVE-2021-32686
> [stretch] - pjproject <no-dsa> (Minor issue; https://people.debian.org/~abhijith/upload/CVE-2021-32686.patch)
As for the initial mentioned CVE. I believe this does not belong to
the tracker itself, but seems to be for a partial work on the package
so the work is not lost when another LTS member picks up to further
update pjproject and might want to include the work from abhijith.
CVE-2020-28491
> [stretch] - jackson-dataformat-cbor <no-dsa> (Minor issue; https://people.debian.org/~abhijith/CVE-2020-28491.txt)
Samewise, IMHO.
CVE-2008-5161
> [etch] - openssh <no-dsa> (Minor issue, see http://www.openssh.org/txt/cbc.adv)
Indeed that would have been more appropriate putting in some form in a
NOTE!
Regards,
Salvatore
Reply to: