Re: How to close open security issues

To: debian-mentors@lists.debian.org
Subject: Re: How to close open security issues
From: Paul Wise <pabs@debian.org>
Date: Tue, 24 May 2011 00:03:29 +0800
Message-id: <[🔎] BANLkTikzftkKHkAnR0+Sz1mu5QQ8pDohCg@mail.gmail.com>
In-reply-to: <[🔎] 87aaeds9y6.fsf@inspiron.ap.columbia.edu>
References: <[🔎] 87aaeds9y6.fsf@inspiron.ap.columbia.edu>

On Mon, May 23, 2011 at 11:39 PM, Nikolaus Rath <Nikolaus@rath.org> wrote:

> http://packages.qa.debian.org/f/fuse.html reports 4 open security
> issues. I prepared an upload that fixes them, but how do I tell the
> package tracking system that they are fixed? There seem to be no
> associated debian BTS numbers.

You can find the associated bug numbers on the individual CVEs:

http://security-tracker.debian.org/tracker/CVE-2010-3879 => #602333
http://security-tracker.debian.org/tracker/CVE-2011-0541 => #624551
http://security-tracker.debian.org/tracker/CVE-2011-0542 => #624551
http://security-tracker.debian.org/tracker/CVE-2011-0543 => #624551

Be sure to mention the CVE numbers in debian/changelog for the upload
that fixes them.

Also check out the sections of the devref dealing with security issues:

http://www.debian.org/doc/manuals/developers-reference/pkgs.html#s5.6.4
http://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security

-- 
bye,
pabs

http://wiki.debian.org/PaulWise

Reply to:

Follow-Ups:
- Re: How to close open security issues
  - From: sils <sils@powered-by-linux.com>

References:
- How to close open security issues
  - From: Nikolaus Rath <Nikolaus@rath.org>

Prev by Date: How to close open security issues
Next by Date: Re: How to close open security issues
Previous by thread: How to close open security issues
Next by thread: Re: How to close open security issues
Index(es):
- Date
- Thread