Re: CVE ID missed in DLA, squid3

To: debian-lts@lists.debian.org
Subject: Re: CVE ID missed in DLA, squid3
From: Markus Koschany <apo@debian.org>
Date: Sat, 10 Nov 2018 15:10:02 +0100
Message-id: <[🔎] fd39faac-b7b9-5768-27d2-6dead3080933@debian.org>
In-reply-to: <[🔎] 4d181c31-4a1e-978d-8439-323fecd2c02a@disroot.org>
References: <[🔎] 4d181c31-4a1e-978d-8439-323fecd2c02a@disroot.org>

Hi,

Am 10.11.18 um 13:38 schrieb Abhijith PA:
> Hello.
> 
> 
> What we should do when we miss to specify a CVE ID in a DLA/DSA ? Can we
> just normally insert in next advisory release.? For eg: DLA-478-1[1]
> released for squid3 on 16 May 2016 missed to mention 'CVE-2016-3948'.


You can add the missing CVE entry to data/DLA/list manually and you also
have to mark CVE-2016-3948 as fixed by DLA-478-1 like that {DLA-478-1}.

Markus

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: CVE ID missed in DLA, squid3
  - From: Abhijith PA <abhijith@disroot.org>

References:
- CVE ID missed in DLA, squid3
  - From: Abhijith PA <abhijith@disroot.org>

Prev by Date: Re: CVE ID missed in DLA, squid3
Next by Date: Re: CVE ID missed in DLA, squid3
Previous by thread: Re: CVE ID missed in DLA, squid3
Next by thread: Re: CVE ID missed in DLA, squid3
Index(es):
- Date
- Thread