On Mon, May 04, 2015 at 09:09:04AM +0200, Mike Gabriel wrote:
> Package: security-tracker
> Severity: wishlist
> Tags: patch
>
> Hi,
>
> attached is a patch that adds manual DLA/DSA id override support if an
> upload tackles a regression already announced via an earlier DSA/DLA.
>
> Current use case / example:
>
>   xorg-server <ver>+deb6u1 (DLA-120-1) fixed CVE-2014-8092
>   xorg-server <ver>+deb6u2 (DLA-218-1) fixed some other CVE (irrelevant here)
>   xorg-server <ver>+deb6u3 (DLA-120-2) fixes CVE-2015-3418 (regression of
>   fix for CVE-2014-8092)
>
> At the moment: when using bin/genDLA like this:
>
>   $ bin/gen-DLA --save xorg-server regression CVE-2015-3418
>
> .... the script will create a follow-DLA for 218-1 (i.e., 218-2). Whereas
> the correct/wanted DLA id would be 120-2.
>
> The attached patch allows one to specify the DLA id to follow up on with
> the "regression" keyword. Thus, with the patch applied, I can do this:
>
>   $ bin/gen-DLA --save xorg-server regression:120-1 CVE-2015-3418
>
> .... which then will provide me with a DLA-120-2 mail template and put
> the prepared upload of my xorg-server package into data/DLA/list.

You can just run:

$ bin/gen-DLA --save 120-2 xorg-server regression CVE-2015-3418

and it will create DLA-120-2 as you instruct the script to do.

Cheers