[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Marking TEMP-* issues as resolved

Hi Guido,

On  So 27 Sep 2015 17:03:51 CEST, Guido Günther wrote:

On Sun, Sep 27, 2015 at 10:42:20AM +0200, Salvatore Bonaccorso wrote:
Hi Gudio,

On Sun, Sep 27, 2015 at 10:17:14AM +0200, Guido Günther wrote:
> Hi,
> for the glibc update I'm preparing three issues that don't have a CVE
> assigned yet so they can't be marked as resolved via the entry in
> data/DLA/list. Is the correct way to tag these by just adding:
>     [squeeze] - eglibc 2.11.3-4+deb6u7
> to the entries in data/CVE/list after the upload?

yes, but please as well ad a note so that once the CVE is assigned,
the entry is moved to the correct data/{DSA,DLA}/list.

Something like (no rule, but makes it easier to update once CVE

> NOTE: Added workaround entry for DSA-XXXX-1/DLA-XXX-1 until CVE
> assigned.

Done. Thanks!
 -- Guido

I just tried to learn from the above discussion and add that work-around note for libemail-address-perl (which I did now via rev36901).

However, I could not find any work-around note for eglibc in the data/CVE/list, not in the file itself nor in the commit history.

Is it possible that you forgot to actually commit that change (or such)? The commit directly after the above mail seems to be rev36841, but that only contains references to upstream fixes, not a reference from data/CVE/list to a DLA in data/DLA/list.

Just curious and eager to learn more about the workflow of Debian security and LTS,

mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de


Attachment: pgpVmt3xUNGIl.pgp
Description: Digitale PGP-Signatur

Reply to: