Re: CVE ID missed in DLA, squid3

To: Debian LTS <debian-lts@lists.debian.org>
Subject: Re: CVE ID missed in DLA, squid3
From: Abhijith PA <abhijith@disroot.org>
Date: Sat, 1 Dec 2018 13:32:46 +0530
Message-id: <[🔎] c1ee9944-b232-2445-f51e-6eac392853bd@disroot.org>
In-reply-to: <4d181c31-4a1e-978d-8439-323fecd2c02a@disroot.org>
References: <4d181c31-4a1e-978d-8439-323fecd2c02a@disroot.org>

Hi,

On Saturday 10 November 2018 06:08 PM, Abhijith PA wrote:
> Hello.
> 
> 
> What we should do when we miss to specify a CVE ID in a DLA/DSA ? Can we
> just normally insert in next advisory release.? For eg: DLA-478-1[1]
> released for squid3 on 16 May 2016 missed to mention 'CVE-2016-3948'.

Slight update, it wasn't DLA-478-1. It was DSA-3625-1. Cause at that
time jessie was under security team.

> --abhijith
> 
> [1] - https://lists.debian.org/debian-lts-announce/2016/05/msg00028.html
> 

--a.

Reply to:

Next by Date: LTS report for November 2018 - Abhijith PA
Next by thread: LTS report for November 2018 - Abhijith PA
Index(es):
- Date
- Thread