Re: How to close open security issues
On 05/24/2011 12:26 AM, sils wrote:
> Hi,
>
> Paul, please correct me if I was wrong..
> There are a bug in BTS related with 3 of these CVEs
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624551
>
>
>> http://security-tracker.debian.org/tracker/CVE-2011-0541 => #624551
>> http://security-tracker.debian.org/tracker/CVE-2011-0542 => #624551
>> http://security-tracker.debian.org/tracker/CVE-2011-0543 => #624551
>>
> I found out that It would be needed to add, also, in debian/changelog
> the mention of this bug number.
>
> Just, hope this will help.
>
> Kind regards,
>
> Sils
>
Sure. The changelog entry can be like this:
* Fixed CVE-2010-3879 CVE-2011-0541, CVE-2011-0542, CVE-2011-0543:
an unprivileged user could unmount arbitrary locations via symlink attack
due to a race condition (Closes: #624551, #602333).
Cheers,
Thomas Goirand (zigo)
Reply to: