Hi Guido, On So 27 Sep 2015 17:03:51 CEST, Guido Günther wrote:
Hi, On Sun, Sep 27, 2015 at 10:42:20AM +0200, Salvatore Bonaccorso wrote:Hi Gudio, On Sun, Sep 27, 2015 at 10:17:14AM +0200, Guido Günther wrote: > Hi, > > for the glibc update I'm preparing three issues that don't have a CVE > assigned yet so they can't be marked as resolved via the entry in > data/DLA/list. Is the correct way to tag these by just adding: > > [squeeze] - eglibc 2.11.3-4+deb6u7 > > to the entries in data/CVE/list after the upload? yes, but please as well ad a note so that once the CVE is assigned, the entry is moved to the correct data/{DSA,DLA}/list. Something like (no rule, but makes it easier to update once CVE assigned): > NOTE: Added workaround entry for DSA-XXXX-1/DLA-XXX-1 until CVE > assigned.Done. Thanks! -- Guido
I just tried to learn from the above discussion and add that work-around note for libemail-address-perl (which I did now via rev36901).
However, I could not find any work-around note for eglibc in the data/CVE/list, not in the file itself nor in the commit history.
Is it possible that you forgot to actually commit that change (or such)? The commit directly after the above mail seems to be rev36841, but that only contains references to upstream fixes, not a reference from data/CVE/list to a DLA in data/DLA/list.
Just curious and eager to learn more about the workflow of Debian security and LTS,
Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
Attachment:
pgpVmt3xUNGIl.pgp
Description: Digitale PGP-Signatur