Re: [PATCH 3/3] report-vuln: Support generation of mail headers
Hi Guido,
On Wed, Nov 29, 2017 at 01:48:02PM +0100, Guido Günther wrote:
> Address the bts already and put the CVEs in the subject.
>
> ---
> This can be further improved regards temp id handling, providing a
> better subject in case of only a single CVE, etc. but already makes like
> simpler. O.k. to apply?
Looks fine as long the -m remains the non-default for now and
bin/report-vuln just can be used to generate templates as before.
Would it be possible though to change the generated subject to include
the source package name (or binary package name, depending on the
mode) as provided, and append after a : just the CVEs space separated?
That is rather than
Subject: CVE-id1, CVE-id2, ...
more like
Subject: srcpkg: CVE-id1 CVE-id2 ...
Agree, that is a matter of taste of the person filling the bug though,
so we might not reach agreement on the desired formatting :)
everybody is doing something different. Some examples of subjects,
just from recent IRC bot on #debian-devel-changes:
#879732: CVE-2017-15874 / CVE-2017-15873
#882648: exim4: CVE-2017-16943: use-after-free vulnerability while reading mail header
#882034: ruby-redis-store: CVE-2017-1000248
#878840: icu: CVE-2017-14952: Double free in i18n/zonemeta.cpp
#881445: ruby-ox: CVE-2017-15928: Segmentation fault in the parse_obj
Regards,
Salvatore
Reply to: