[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Accepted elog 2.5.7+r1558-2 (i386 source)

Steve Langasek wrote:
> On Thu, May 05, 2005 at 12:12:11PM +0300, Recai Oktas wrote:
> > * Steve Langasek [2005-05-05 01:23:19-0700]
> > > On Thu, May 05, 2005 at 03:32:12AM -0400, Recai Okta?? wrote:
> > [...]
> > > >  elog (2.5.7+r1558-2) testing-proposed-updates; urgency=high
> > > >  .
> > > >    * Fix a possible buffer overflow.
> > > >    * Urgency set to high because of the security issue.
> > > >    * Minor doc fix in welcome message.
> > > >    * Improve package description.
> > > 
> > > This changelog mentions neither a Debian bug number, nor a CVE id for this
> > > problem; is either available?
> 
> > No, neither is available.  Should I first submit a bug for this issue?
> 
> No, but please contact the security team and the testing security team to
> inform them of this upload.

FYI: I can only request a CVE Id for a vulnerability we will report
about in a security advisory.  If we don't send out an advisory, I
won't get a CVE Id (unless another vendor issues an advisory).

Recai, please talk to security@debian.org if you need more from
me as I haven't followed all elog mails on -release.

Regards,

	Joey

-- 
If nothing changes, everything will remain the same.  -- Barne's Law
Reply to: