
Following security issues found upstream



	How does the Debian Security team currently follow the vulnerabilities posted
upstream? I guess that's easy when the upstream maintainer (or the one that found the
bug) tells Debian's team before posting. But what if somebody posts on Bugtraq a
security issue in software available in Debian?

	I know that the security team keeps track of Bugtraq, but is there any public
database (a 'security.debian.org' virtual package at bugs.debian.org?) where interested
people can ask: "Hey, what about Bugtraq-ID (or CVE-ID) XXX? Has it been fixed in Debian?
What packages does it affect? Has there been a DS released?"

	I guess a public database could be useful both for:

- the team to coordinate themselves
- interested people to follow the situation and maybe help if needed

	It is really a pain extracting and correlating DSAs and public announcements
(Bugtraq's DB), BTW, but I'll comment on this later on (after I'm done doing some
statistics for today's conference).

	Regards

	Javi


