Re: DSA-2189-1 vs. tracker

To: Debian-security-tracker <debian-security-tracker@lists.debian.org>
Subject: Re: DSA-2189-1 vs. tracker
From: Michael Gilbert <michael.s.gilbert@gmail.com>
Date: Fri, 11 Mar 2011 17:16:20 -0500
Message-id: <[🔎] 20110311171620.9eba5ed5.michael.s.gilbert@gmail.com>
In-reply-to: <[🔎] 20110311183638.e880586d.invernomuto@paranoici.org>
References: <[🔎] 20110311183638.e880586d.invernomuto@paranoici.org>

On Fri, 11 Mar 2011 18:36:38 +0100 Francesco Poli wrote:

> Hi all,
> everything seems to be OK with the DSA-2189-1 [1] tracker page [2] and
> its associated CVE numbers.
> Some CVE numbers were apparently assigned after the release of the DSA.
> I seem to be able to map the CVE-less vulnerabilities to the CVE
> numbers mentioned in the tracker [2], except for the first two:

If you can specify which issues these are, and if you've checked the
source to confirm, we can make these updates.

>  Out-of-bounds read in text searching [69640]
>  Memory corruption in SVG fonts. [72134]
> 
> Are these two still CVE-less?
> If so, I cannot find any corresponding TEMP entry in the tracker [3].
> Where are they? Should they be added to the tracker?

We won't necessarily enter cve-less issues in the tracker. However,
once these do get assigned ids we will make sure they get recorded as
fixed in this dsa.

Best wishes,
Mike

Reply to:

Follow-Ups:
- Re: DSA-2189-1 vs. tracker
  - From: Francesco Poli <invernomuto@paranoici.org>

References:
- DSA-2189-1 vs. tracker
  - From: Francesco Poli <invernomuto@paranoici.org>

Prev by Date: DSA-2189-1 vs. tracker
Next by Date: Re: DSA-2189-1 vs. tracker
Previous by thread: DSA-2189-1 vs. tracker
Next by thread: Re: DSA-2189-1 vs. tracker
Index(es):
- Date
- Thread