On Sat, Nov 10, 2018 at 06:08:38PM +0530, Abhijith PA wrote: > What we should do when we miss to specify a CVE ID in a DLA/DSA ? I'd say definitly update DLA/list and CVE/list in security-tracker.git > Can we > just normally insert in next advisory release.? For eg: DLA-478-1[1] > released for squid3 on 16 May 2016 missed to mention 'CVE-2016-3948'. You want to include this info in the next squid3 DLA? I'm not sure this is useful, but I'm also not not sure this is what you meant. -- cheers, Holger ------------------------------------------------------------------------------- holger@(debian|reproducible-builds|layer-acht).org PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
Attachment:
signature.asc
Description: PGP signature