Bug#376961: developers-reference: Include CVE numbers in changelog as best practice

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#376961: developers-reference: Include CVE numbers in changelog as best practice
From: Damián Viano <debian@damianv.com.ar>
Date: Wed, 5 Jul 2006 19:06:48 -0300
Message-id: <[🔎] 20060705220648.GA32342@vianonet.com.ar>
Reply-to: Damián Viano <debian@damianv.com.ar>, 376961@bugs.debian.org

Package: developers-reference
Severity: wishlist
Tags: patch

Today I searched about including CVE numbers[1] in old entries on the
changelog in the dev-ref and didn't found it, so after asking in #d-d,
here is a patch. Feel free to rephrase since I'm not native english
speaker.

        Hope to help,

--- developers-reference.sgml	2006-07-04 19:33:41.000000000 -0300
+++ developers-reference.sgml.des	2006-07-04 19:45:07.000000000 -0300
@@ -3926,6 +3926,8 @@
 When referring to bugs, don't assume anything.  Say what the problem
 was, how it was fixed, and append the "closes: #nnnnn" string.  See
 <ref id="upload-bugfix"> for more information.
+          <p>
+When closing security bugs include CVE/DSA numbers as well as the "closes: #nnnnn" when apropiate, this is usefull for the security team to track vulnerabilities. If the advisory is released after the upload you may add the identifiers to the changelog on the entry that fixed the advisory in your next upload.
 
 
 	<sect1 id="bpp-changelog-misconceptions">

Reply to:

Follow-Ups:
- Bug#376961: developers-reference: Include CVE numbers in changelog as best practice
  - From: Justin Pryzby <justinpryzby@users.sourceforge.net>

Prev by Date: Re: Include CVE numbers in changelog as best practice
Next by Date: Bug#258437: correct patch
Previous by thread: Fwd: Do you want a {}prosperous future?
Next by thread: Bug#376961: developers-reference: Include CVE numbers in changelog as best practice
Index(es):
- Date
- Thread