Today I searched about including CVE numbers[1] in old entries on the changelog in the dev-ref and didn't found it, so after asking in #d-d, here is a patch. Feel free to rephrase since I'm not native english speaker. Hope to help, -- Damián Viano(Des) ¯ ¯ - _ _ - ¯ ¯ GPG: 0x6EB95A6F Debian ¯-_GNU_-¯ Linux Web: http://damianv.com.ar/ ¯-¯
--- developers-reference.sgml 2006-07-04 19:33:41.000000000 -0300 +++ developers-reference.sgml.des 2006-07-04 19:45:07.000000000 -0300 @@ -3926,6 +3926,8 @@ When referring to bugs, don't assume anything. Say what the problem was, how it was fixed, and append the "closes: #nnnnn" string. See <ref id="upload-bugfix"> for more information. + <p> +When closing security bugs include CVE/DSA numbers as well as the "closes: #nnnnn" when apropiate, this is usefull for the security team to track vulnerabilities. If the advisory is released after the upload you may add the identifiers to the changelog on the entry that fixed the advisory in your next upload. <sect1 id="bpp-changelog-misconceptions">
Attachment:
signature.asc
Description: Digital signature