Re: [Secure-testing-commits] r28952 - in data: . CVE

To: Raphael Hertzog <hertzog@debian.org>, debian-security-tracker@lists.debian.org
Subject: Re: [Secure-testing-commits] r28952 - in data: . CVE
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Tue, 23 Sep 2014 22:07:49 +0200
Message-id: <[🔎] 20140923200748.GA4393@pisco.westfalen.local>
In-reply-to: <[🔎] 20140922121107.GA20870@x230-buxy.home.ouaza.com>
References: <E1XW0al-00065J-V8@moszumanska.debian.org> <[🔎] 20140922121107.GA20870@x230-buxy.home.ouaza.com>

On Mon, Sep 22, 2014 at 02:11:07PM +0200, Raphael Hertzog wrote:
> Hi,
> 
> Side remark: Could we get reply-to set to
> debian-security-tracker@lists.debian.org on the commit mails?
> 
> On Mon, 22 Sep 2014, Moritz Muehlenhoff wrote:
> > Modified:
> >    data/CVE/list
> >    data/dsa-needed.txt
> > Log:
> > remove unfixed entries for squeeze, all older versions in the older suites
> >   are unfixed by default
> 
> I knew this and I asked this on IRC #debian-security without getting any
> reply:
> 10:51 <buxy> does it hurt to add "[squeeze] - <unfixed>" even though the
> tracker knows it already? It could be useful as a confirmation that someone
> investigated the issue and confirmed that squeeze is affected.

There's an enhancement bug for such a <confirmed> tag, IIRC.
 
> > remove apache2 from dsa-needed, only one debatable issue is open for wheezy
> 
> Why don't you add <no-dsa> at the same time then?

Because it is not fully decided yet, Stefan should have a look.

Cheers,
        Moritz

Reply to:

References:
- Re: [Secure-testing-commits] r28952 - in data: . CVE
  - From: Raphael Hertzog <hertzog@debian.org>

Prev by Date: Processed: merge
Next by Date: Re: Guidance on <no-dsa> and adding entries to dsa/dla-needed.txt
Previous by thread: Re: [Secure-testing-commits] r28952 - in data: . CVE
Next by thread: Guidance on <no-dsa> and adding entries to dsa/dla-needed.txt
Index(es):
- Date
- Thread