[Secure-testing-team] Re: ekg: CAN-2005-1916 Bug#317027 and #318059

[Martin Schulze]

Marcin Owsiany wrote:
> During fixing the bug in linki.py with upstream author, we have found
> and fixed similar and other security-related bugs in other
> user-contributed scripts.
> 
> 1.6rc2 is released, which fixes them all. I want to upload it to
> unstable, and backport the fixes to stable. However before that, I would
> like to know whether I should request another CAN ID for the newly
> discovered bugs? I mean - what is best for you - the security teams in
> terms of tracking the bug later?

Having a CVE id before disclosure is always better.

However, whether a new CVE id is warranted depends on the problem.
Without details I can't tell.

Regards,

	Joey

-- 
Reading is a lost art nowadays.  -- Michael Weber

Please always Cc to me when replying to me on the lists.