Re: Accepted elog 2.5.7+r1558-2 (i386 source)
Steve Langasek wrote:
> On Thu, May 05, 2005 at 12:12:11PM +0300, Recai Oktas wrote:
> > * Steve Langasek [2005-05-05 01:23:19-0700]
> > > On Thu, May 05, 2005 at 03:32:12AM -0400, Recai Okta?? wrote:
> > [...]
> > > > elog (2.5.7+r1558-2) testing-proposed-updates; urgency=high
> > > > .
> > > > * Fix a possible buffer overflow.
> > > > * Urgency set to high because of the security issue.
> > > > * Minor doc fix in welcome message.
> > > > * Improve package description.
> > >
> > > This changelog mentions neither a Debian bug number, nor a CVE id for this
> > > problem; is either available?
> > No, neither is available. Should I first submit a bug for this issue?
> No, but please contact the security team and the testing security team to
> inform them of this upload.
FYI: I can only request a CVE Id for a vulnerability we will report
about in a security advisory. If we don't send out an advisory, I
won't get a CVE Id (unless another vendor issues an advisory).
Recai, please talk to email@example.com if you need more from
me as I haven't followed all elog mails on -release.
If nothing changes, everything will remain the same. -- Barne's Law