Re: Report a vulnerability to the security team

To: debian-lts@lists.debian.org
Subject: Re: Report a vulnerability to the security team
From: Sylvain Beucler <beuc@beuc.net>
Date: Thu, 3 Oct 2024 22:20:30 +0200
Message-id: <[🔎] 9161b7b5-458d-4d2d-99dd-073aec7ec937@beuc.net>
In-reply-to: <[🔎] 691bd148124cad861057ac40054af2cd684c24ee.camel@debian.org>
References: <[🔎] 691bd148124cad861057ac40054af2cd684c24ee.camel@debian.org>

Hi Daniel,

On 03/10/2024 21:47, Daniel Leidert wrote:

I just became aware that a new unbound version was released just now
that fixes a vulnerability (CVE-2024-8508) that is not yet listed in
the tracker. What are the proceedings to get it listed/evaluated?


Salvatore just added it :)
https://salsa.debian.org/freexian-team/extended-lts/security-tracker/-/commit/b06702662e7ff1656e64e11c18900b74edb63ea1

Within an hour, the web tracker will be updated.
https://deb.freexian.com/extended-lts/tracker/CVE-2024-8508

More generally newly published CVEs are grabbed twice a day from MITREand checked by the Debian Security Team, or added manually before thatby them (which is the case here).


Cheers!
Sylvain

Reply to:

References:
- Report a vulnerability to the security team
  - From: Daniel Leidert <dleidert@debian.org>

Prev by Date: Report a vulnerability to the security team
Next by Date: Re: Support for ckeditor3 and horde in Debian
Previous by thread: Report a vulnerability to the security team
Next by thread: Re: Libreoffice failure
Index(es):
- Date
- Thread