Bug#610228: Find a way to record vulnerabilities in upcoming package versions
Package: security-tracker
Severity: wishlist
We currently lack a way to record this information in a
machine-readable fashion. Here's an example:
CVE-2010-0991 (Multiple heap-based buffer overflows in imlib2 1.4.3 allow ...)
- imlib2 <not-affected> (vulnerable code introduced in 1.4.3)
NOTE: http://seclists.org/bugtraq/2010/Apr/196
TODO: recheck when 1.4.3 gets uploaded to unstable
This is somewhat tricky because currently, we only support statements
like "fixed in all versions after X", not arbitrary version number
ranges.
Reply to: