On Wed 2024/11/27 23:21:42-0800 (PST), Salvatore Bonaccorso wrote:
Hi Hong, On Tue, Nov 26, 2024 at 11:29:58PM -0800, Hong Xu wrote:I am a maintainer of the upstream of editorconfig. I added CVE-2024-53849 to the CVE database today. This is related to the editorconfig package in Debian. Additionally, the security fix was available about 9 months ago, in case this information matters (only realized it wasn't in CVE today, my bad).Yes thanks a lot. We are tracking the CVE as https://security-tracker.debian.org/tracker/CVE-2024-53849
Thanks Salvatore. In the future, should I always report new CVE items from packages maintained by me to this mailing list? Or, should I trust the Debian Security Team would associate new items in CVE with Debian packages? I couldn't find related information on the website... Hong