Re: How to close open security issues
On 05/24/2011 12:26 AM, sils wrote:
> Paul, please correct me if I was wrong..
> There are a bug in BTS related with 3 of these CVEs
>> http://security-tracker.debian.org/tracker/CVE-2011-0541 => #624551
>> http://security-tracker.debian.org/tracker/CVE-2011-0542 => #624551
>> http://security-tracker.debian.org/tracker/CVE-2011-0543 => #624551
> I found out that It would be needed to add, also, in debian/changelog
> the mention of this bug number.
> Just, hope this will help.
> Kind regards,
Sure. The changelog entry can be like this:
* Fixed CVE-2010-3879 CVE-2011-0541, CVE-2011-0542, CVE-2011-0543:
an unprivileged user could unmount arbitrary locations via symlink attack
due to a race condition (Closes: #624551, #602333).
Thomas Goirand (zigo)