Bug#610228: Find a way to record vulnerabilities in upcoming package versions

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#610228: Find a way to record vulnerabilities in upcoming package versions
From: Florian Weimer <fw@deneb.enyo.de>
Date: Sun, 16 Jan 2011 12:56:59 +0100
Message-id: <[🔎] 87hbd9ukms.fsf@mid.deneb.enyo.de>
Reply-to: Florian Weimer <fw@deneb.enyo.de>, 610228@bugs.debian.org

Package: security-tracker
Severity: wishlist

We currently lack a way to record this information in a
machine-readable fashion.  Here's an example:

CVE-2010-0991 (Multiple heap-based buffer overflows in imlib2 1.4.3 allow ...)
        - imlib2 <not-affected> (vulnerable code introduced in 1.4.3)
        NOTE: http://seclists.org/bugtraq/2010/Apr/196
        TODO: recheck when 1.4.3 gets uploaded to unstable

This is somewhat tricky because currently, we only support statements
like "fixed in all versions after X", not arbitrary version number
ranges.

Reply to:

Prev by Date: Bug#610227: Move scripts driven by cron etc. to separate directory
Next by Date: Bug#479727: security-tracker: Show unimportant issues in some way on package overview
Previous by thread: Bug#610227: Move scripts driven by cron etc. to separate directory
Next by thread: Initial patch to make the tracker release-independent
Index(es):
- Date
- Thread