[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: show DTSAs as fixed even without CVE ids

On Wed, Jan 16, 2008 at 12:12:56AM +0100, Nico Golde wrote:
> Hi,
> in the case of vlc it does show up in the tracker as unfixed 
> because the CVE ids in the CVE list are not marked with a 
> DTSA tag because the ids are missing from DTSA/list.
> Any way to workaround this?
> I tried naming them with CVE-2007-YXXX CVE-2007XYXX and so 
> on but the pre-commit hook doesn't like this.

The only workaround I can see is adding [lenny] entries to
CVE/list, e.g.

CVE-2007-XXXX [vlc arbitrary file overwrite vulnerability via crafted m3u playlists]
        - vlc 0.8.6.c-4.1 (medium; bug #458318)
        [lenny] - vlc 0.8.6.c-4.1~lenny1

Reply to: