
Re: [PATCH 3/3] report-vuln: Support generation of mail headers



Hi Guido,

On Wed, Nov 29, 2017 at 01:48:02PM +0100, Guido Günther wrote:
> Address the bts already and put the CVEs in the subject.
> 
> ---
> This can be further improved regards temp id handling, providing a
> better subject in case of only a single CVE, etc. but already makes life
> simpler. O.k. to apply?

Looks fine as long as the -m remains the non-default for now and
bin/report-vuln just can be used to generate templates as before.

Would it be possible though to change the generated subject to include
the source package name (or binary package name, depending on the
mode) as provided, and append after a : just the CVEs space separated?

That is rather than

Subject: CVE-id1, CVE-id2, ...

more like

Subject: srcpkg: CVE-id1 CVE-id2 ...

Agree, that is a matter of taste of the person filing the bug though,
so we might not reach agreement on the desired formatting :)
Everybody is doing something different. Some examples of subjects,
just from recent IRC bot on #debian-devel-changes:

#879732: CVE-2017-15874 / CVE-2017-15873
#882648: exim4: CVE-2017-16943: use-after-free vulnerability while reading mail header
#882034: ruby-redis-store: CVE-2017-1000248
#878840: icu: CVE-2017-14952: Double free in i18n/zonemeta.cpp
#881445: ruby-ox: CVE-2017-15928: Segmentation fault in the parse_obj
 
Regards,
Salvatore

