Re: show DTSAs as fixed even without CVE ids

To: Nico Golde <nico@ngolde.de>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: show DTSAs as fixed even without CVE ids
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Wed, 16 Jan 2008 00:23:25 +0100
Message-id: <[🔎] 20080115232325.GA4585@galadriel.inutil.org>
In-reply-to: <[🔎] 20080115231255.GD24984@ngolde.de>
References: <[🔎] 20080115231255.GD24984@ngolde.de>

On Wed, Jan 16, 2008 at 12:12:56AM +0100, Nico Golde wrote:
> Hi,
> in the case of vlc it does show up in the tracker as unfixed 
> because the CVE ids in the CVE list are not marked with a 
> DTSA tag because the ids are missing from DTSA/list.
> 
> Any way to workaround this?
> I tried naming them with CVE-2007-YXXX CVE-2007XYXX and so 
> on but the pre-commit hook doesn't like this.

The only workaround I can see is adding [lenny] entries to
CVE/list, e.g.

CVE-2007-XXXX [vlc arbitrary file overwrite vulnerability via crafted m3u playlists]
        - vlc 0.8.6.c-4.1 (medium; bug #458318)
        [lenny] - vlc 0.8.6.c-4.1~lenny1
 
Cheers,
        Moritz

Reply to:

References:
- show DTSAs as fixed even without CVE ids
  - From: Nico Golde <nico@ngolde.de>

Prev by Date: show DTSAs as fixed even without CVE ids
Next by Date: Re: show DTSAs as fixed even without CVE ids
Previous by thread: show DTSAs as fixed even without CVE ids
Next by thread: Re: show DTSAs as fixed even without CVE ids
Index(es):
- Date
- Thread