Hi, Paul, please correct me if I was wrong.. There are a bug in BTS related with 3 of these CVEs http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624551 > http://security-tracker.debian.org/tracker/CVE-2011-0541 => #624551 > http://security-tracker.debian.org/tracker/CVE-2011-0542 => #624551 > http://security-tracker.debian.org/tracker/CVE-2011-0543 => #624551 I found out that It would be needed to add, also, in debian/changelog the mention of this bug number. Just, hope this will help. Kind regards, Sils On 05/23/2011 06:03 PM, Paul Wise wrote: > On Mon, May 23, 2011 at 11:39 PM, Nikolaus Rath <Nikolaus@rath.org> wrote: > >> http://packages.qa.debian.org/f/fuse.html reports 4 open security >> issues. I prepared an upload that fixes them, but how do I tell the >> package tracking system that they are fixed? There seem to be no >> associated debian BTS numbers. > > You can find the associated bug numbers on the individual CVEs: > > http://security-tracker.debian.org/tracker/CVE-2010-3879 => #602333 > http://security-tracker.debian.org/tracker/CVE-2011-0541 => #624551 > http://security-tracker.debian.org/tracker/CVE-2011-0542 => #624551 > http://security-tracker.debian.org/tracker/CVE-2011-0543 => #624551 > > Be sure to mention the CVE numbers in debian/changelog for the upload > that fixes them. > > Also check out the sections of the devref dealing with security issues: > > http://www.debian.org/doc/manuals/developers-reference/pkgs.html#s5.6.4 > http://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security >
Attachment:
signature.asc
Description: OpenPGP digital signature