Re: DSA-2189-1 vs. tracker
On Fri, 11 Mar 2011 18:36:38 +0100 Francesco Poli wrote:
> Hi all,
> everything seems to be OK with the DSA-2189-1  tracker page  and
> its associated CVE numbers.
> Some CVE numbers were apparently assigned after the release of the DSA.
> I seem to be able to map the CVE-less vulnerabilities to the CVE
> numbers mentioned in the tracker , except for the first two:
If you can specify which issues these are, and if you've checked the
source to confirm, we can make these updates.
> Out-of-bounds read in text searching 
> Memory corruption in SVG fonts. 
> Are these two still CVE-less?
> If so, I cannot find any corresponding TEMP entry in the tracker .
> Where are they? Should they be added to the tracker?
We won't necessarily enter cve-less issues in the tracker. However,
once these do get assigned ids we will make sure they get recorded as
fixed in this dsa.