We have changed the tracker to use temporary names containing truncated hashes of the description. This means that URLs such as http://security-tracker.debian.org/tracker/TEMP-0000000-9A49E3 are more stable now. Basically, they are invalidated only if the description changes or a CVE name is finally assigned to the issue. The new URLs are also picked up by debsecan and included in daily reports.