Re: Proposal/suggestion for security team w.r.t. published vulerabilities
On Tue, Jul 06, 2004 at 03:08:38PM -0400, Michael Stone wrote:
> On Tue, Jul 06, 2004 at 08:06:36PM +0200, Jeroen van Wolffelaar wrote:
> >As an example, take CAN-2004-0519, CAN-2004-0520 and CAN-2004-0521, all
> >three not yet solved in woody, but also not filed in the BTS (hm, two of
> >them directly refer to a patch solving it...).
> Go ahead and file the bug.
mdz told me this isn't done for practical reasons: the BTS isn't very
suitable for tracking which versions are affected, and a sid upload can
close such a bug while it's still in woody. While I think it'd still be
possible without too much hassle, if they don't want to do so, I'm not
going to interfere in that.
For those two bugs, I'm simply mailing the security team myself, maybe
also file a bug, don't know yet.
Jeroen van Wolffelaar
Jeroen@wolffelaar.nl (also for Jabber & MSN; ICQ: 33944357)