Re: [Secure-testing-commits] r51756 - data/CVE

To: Hugo Lefeuvre <hle@debian.org>
Cc: Moritz Muehlenhoff <jmm@debian.org>, debian-lts@lists.debian.org
Subject: Re: [Secure-testing-commits] r51756 - data/CVE
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Fri, 19 May 2017 18:48:39 +0200
Message-id: <[🔎] 20170519164839.GA12737@inutil.org>
In-reply-to: <[🔎] 20170519163410.q4d5cdk5w6fdkmwk@hle-laptop.local>
References: <E1dBkgY-0002hk-PC@moszumanska.debian.org> <[🔎] 20170519162543.k7uhaqlhwrpe67qp@pisco.westfalen.local> <[🔎] 20170519163410.q4d5cdk5w6fdkmwk@hle-laptop.local>

On Fri, May 19, 2017 at 06:34:10PM +0200, Hugo Lefeuvre wrote:
> Hi Moritz,
> 
> On Fri, May 19, 2017 at 06:25:43PM +0200, Moritz Muehlenhoff wrote:
> > On Fri, May 19, 2017 at 04:23:25PM +0000, Hugo Lefeuvre wrote:
> > > Author: hle
> > > Date: 2017-05-19 16:23:25 +0000 (Fri, 19 May 2017)
> > > New Revision: 51756
> > > 
> > > Modified:
> > >    data/CVE/list
> > > Log:
> > > CVE triage for libav in wheezy by Diego Biurrun
> > 
> > That's no okay. Why do you remove several <undetermined> entries?
> 
> Because the CVE doesn't affect libav at all.
> 
> Should I let the libav entry in this case ?

You should re-read the security tracker docs. This obviously
needs to be marked as <not-affected> with an explation why
it's not an issue for libav.

Cheers,
        Moritz

Reply to:

References:
- Re: [Secure-testing-commits] r51756 - data/CVE
  - From: Moritz Muehlenhoff <jmm@debian.org>
- Re: [Secure-testing-commits] r51756 - data/CVE
  - From: Hugo Lefeuvre <hle@debian.org>

Prev by Date: Re: [Secure-testing-commits] r51756 - data/CVE
Next by Date: testing bind9 for Wheezy LTS
Previous by thread: Re: [Secure-testing-commits] r51756 - data/CVE
Next by thread: testing bind9 for Wheezy LTS
Index(es):
- Date
- Thread