[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

CVE triage in the tracker


I've had a look at Ming CVEs these last days, and a lot of them were
already fixed in Wheezy since 1:0.4.4-1.1+deb7u8, where I fixed a lot
of potential weaknesses. However I'm not completely sure about how to
fill these information in the tracker.

At first I did

[wheezy] - ming <not-affected> (Already fixed in 0.4.4-1.1+deb7u8)

but I'm pretty sure it was wrong, so I changed[0] it to

[wheezy] - ming 0.4.4-1.1+deb7u8

Still I'm not completely sure it's the right way to proceed. Can anybody
take a look ?

Second question: Even if Ming isn't present in unstable, the tracker
still mentions (unstable) - (unfixed) in the second table. IMO this
row makes no sense, is it a bug ?

Example: https://security-tracker.debian.org/tracker/CVE-2018-8964

Thanks !


[0] https://salsa.debian.org/security-tracker-team/security-tracker/commit/e3e307fa7355af36ff0133a459de8d7fe561c97d

             Hugo Lefeuvre (hle)    |    www.owl.eu.com
4096/ 9C4F C8BF A4B0 8FC5 48EB 56B8 1962 765B B9A8 BACA

Attachment: signature.asc
Description: PGP signature

Reply to: