Re: How to close open security issues
On Mon, May 23, 2011 at 11:39 PM, Nikolaus Rath <Nikolaus@rath.org> wrote:
> http://packages.qa.debian.org/f/fuse.html reports 4 open security
> issues. I prepared an upload that fixes them, but how do I tell the
> package tracking system that they are fixed? There seem to be no
> associated debian BTS numbers.
You can find the associated bug numbers on the individual CVEs:
http://security-tracker.debian.org/tracker/CVE-2010-3879 => #602333
http://security-tracker.debian.org/tracker/CVE-2011-0541 => #624551
http://security-tracker.debian.org/tracker/CVE-2011-0542 => #624551
http://security-tracker.debian.org/tracker/CVE-2011-0543 => #624551
Be sure to mention the CVE numbers in debian/changelog for the upload
that fixes them.
Also check out the sections of the devref dealing with security issues:
http://www.debian.org/doc/manuals/developers-reference/pkgs.html#s5.6.4
http://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security
--
bye,
pabs
http://wiki.debian.org/PaulWise
Reply to: