Bug#985427: Wrong DLA number for spice CVEs

To: Petr Perminov <pperminov@ptsecurity.com>, 985427@bugs.debian.org
Cc: Holger Levsen <holger@layer-acht.org>
Subject: Bug#985427: Wrong DLA number for spice CVEs
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 18 Mar 2021 07:15:47 +0100
Message-id: <[🔎] 20210318061547.GA11683@lorien.valinor.li>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 985427@bugs.debian.org
In-reply-to: <[🔎] a82f4255b99347ac89312804b0ff416a@ptsecurity.com>
References: <[🔎] a82f4255b99347ac89312804b0ff416a@ptsecurity.com> <[🔎] a82f4255b99347ac89312804b0ff416a@ptsecurity.com>

For the record, the security-tracker ships the authoritative
assignment, they are:

[31 Aug 2018] DLA-1488-1 mariadb-10.0 - security update
        {CVE-2018-3058 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066}
        [jessie] - mariadb-10.0 10.0.36-0+deb8u1

[31 Aug 2018] DLA-1486-1 spice - security update
        {CVE-2018-10873}
        [jessie] - spice 0.12.5-1+deb8u6

https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec38e10ec1289c204c18999585bcbf7967ad7413
and
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bdaa7f41280c397e155037320704cde369172aae

So the wepage of DLA 1488 should just be correct to for the mariadb-10.0
announcement. (The spice DLA seems to have been sent out twice).

Regards,
Salvatore

Reply to:

Follow-Ups:
- Bug#985427: Wrong DLA number for spice CVEs
  - From: Boyuan Yang <byang@debian.org>

References:
- Bug#985427: Wrong DLA number for spice CVEs
  - From: Petr Perminov <pperminov@ptsecurity.com>

Prev by Date: Bug#985427: Wrong DLA number for spice CVEs
Next by Date: Re: https://www.debian.org/mirror/list debian.inode.at 403 Forbidden
Previous by thread: Bug#985427: Wrong DLA number for spice CVEs
Next by thread: Bug#985427: Wrong DLA number for spice CVEs
Index(es):
- Date
- Thread