Re: How to handle the case with no CVE

[Ola Lundqvist <ola@inguza.com>]

Hi Salvatore

Thanks for quick answer.

Yes I have seen that and uploaded to the archive. I guess it has not been processed yet.

A CVE request was made half a year ago, but none assigned that I could find.

Regarding the addition if a line to data/CVE/list. Shall I add it to a dummy id because the format looks like it is

CVE-XXX-XXX

  lines

Or do I just add that line in the very beginning without any identifier?

// Ola

On Thu, May 26, 2016 at 12:18 PM, Salvatore Bonaccorso <carnil@debian.org> wrote:

Hi,

On Thu, May 26, 2016 at 12:11:42PM +0200, Ola Lundqvist wrote:
> Hi
>
> I have now fixed ruby-mail and the problem described there did not have a
> CVE identifier.
> See here:
> https://security-tracker.debian.org/tracker/source-package/ruby-mail
> Instead it has a TEMP-0000000-8B2928 identifier.
>
> How do I mark that one as fixed?
>
> I could not add TEMP-... to to gen-DLA command as it did not accept that
> name.
>
> Can I mark it as fixed in some other way?

Just to be sure, have you recieved my other mail where I have
forwarded you the REJECT mail and as well commented on the above?

Just add

        [wheezy] - ruby-mail fixedversion

to data/CVE/list. Please do that only when no CVE is assigned. Ideally
if no CVE request was ever done, please do via oss-security
mailinglist.

HTH,

Regards,
Salvatore

--

 --- Inguza Technology AB --- MSc in Information Technology ----

/  ola@inguza.com                    Folkebogatan 26            \

|  opal@debian.org                   654 68 KARLSTAD            |

|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |

\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /

 ---------------------------------------------------------------