Re: CVE ID missed in DLA, squid3
Hi,
On Saturday 10 November 2018 06:08 PM, Abhijith PA wrote:
> Hello.
>
>
> What we should do when we miss to specify a CVE ID in a DLA/DSA ? Can we
> just normally insert in next advisory release.? For eg: DLA-478-1[1]
> released for squid3 on 16 May 2016 missed to mention 'CVE-2016-3948'.
Slight update, it wasn't DLA-478-1. It was DSA-3625-1. Cause at that
time jessie was under security team.
> --abhijith
>
> [1] - https://lists.debian.org/debian-lts-announce/2016/05/msg00028.html
>
--a.
Reply to: