Re: CVE ID missed in DLA, squid3

To: debian-lts@lists.debian.org
Subject: Re: CVE ID missed in DLA, squid3
From: Holger Levsen <holger@layer-acht.org>
Date: Sat, 10 Nov 2018 14:09:07 +0000
Message-id: <[🔎] 20181110140906.mwsk2g42j5dle26k@layer-acht.org>
In-reply-to: <[🔎] 4d181c31-4a1e-978d-8439-323fecd2c02a@disroot.org>
References: <[🔎] 4d181c31-4a1e-978d-8439-323fecd2c02a@disroot.org>

On Sat, Nov 10, 2018 at 06:08:38PM +0530, Abhijith PA wrote:
> What we should do when we miss to specify a CVE ID in a DLA/DSA ?

I'd say definitly update DLA/list and CVE/list in security-tracker.git

> Can we
> just normally insert in next advisory release.? For eg: DLA-478-1[1]
> released for squid3 on 16 May 2016 missed to mention 'CVE-2016-3948'.

You want to include this info in the next squid3 DLA? I'm not sure this
is useful, but I'm also not not sure this is what you meant.


-- 
cheers,
	Holger

-------------------------------------------------------------------------------
               holger@(debian|reproducible-builds|layer-acht).org
       PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: CVE ID missed in DLA, squid3
  - From: Abhijith PA <abhijith@disroot.org>

References:
- CVE ID missed in DLA, squid3
  - From: Abhijith PA <abhijith@disroot.org>

Prev by Date: CVE ID missed in DLA, squid3
Next by Date: Re: CVE ID missed in DLA, squid3
Previous by thread: CVE ID missed in DLA, squid3
Next by thread: Re: CVE ID missed in DLA, squid3
Index(es):
- Date
- Thread