Re: How to close open security issues

To: debian-mentors@lists.debian.org
Subject: Re: How to close open security issues
From: Thomas Goirand <zigo@debian.org>
Date: Tue, 24 May 2011 18:08:22 +0800
Message-id: <[🔎] 4DDB8396.3050705@debian.org>
In-reply-to: <[🔎] 4DDA8AD1.3030806@powered-by-linux.com>
References: <[🔎] 87aaeds9y6.fsf@inspiron.ap.columbia.edu> <[🔎] BANLkTikzftkKHkAnR0+Sz1mu5QQ8pDohCg@mail.gmail.com> <[🔎] 4DDA8AD1.3030806@powered-by-linux.com>

On 05/24/2011 12:26 AM, sils wrote:
> Hi,
>
> Paul, please correct me if I was wrong..
> There are a bug in BTS related with 3 of these CVEs
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624551
>
>   
>> http://security-tracker.debian.org/tracker/CVE-2011-0541 => #624551
>> http://security-tracker.debian.org/tracker/CVE-2011-0542 => #624551
>> http://security-tracker.debian.org/tracker/CVE-2011-0543 => #624551
>>     
> I found out that It would be needed to add, also, in debian/changelog
> the mention of this bug number.
>
> Just, hope this will help.
>
> Kind regards,
>
> Sils
>   
Sure. The changelog entry can be like this:

  * Fixed CVE-2010-3879 CVE-2011-0541, CVE-2011-0542, CVE-2011-0543:
   an unprivileged user could unmount arbitrary locations via symlink attack
   due to a race condition (Closes: #624551, #602333).

Cheers,

Thomas Goirand (zigo)

Reply to:

References:
- How to close open security issues
  - From: Nikolaus Rath <Nikolaus@rath.org>
- Re: How to close open security issues
  - From: Paul Wise <pabs@debian.org>
- Re: How to close open security issues
  - From: sils <sils@powered-by-linux.com>

Prev by Date: Re: Cannot push changes to git repo
Next by Date: Re: Cannot push changes to git repo
Previous by thread: Re: How to close open security issues
Next by thread: Re: How to close open security issues
Index(es):
- Date
- Thread