[Secure-testing-team] Security update for fuse
Martin Schulze
joey at infodrom.org
Tue Jun 7 06:59:47 UTC 2005
Bartosz Fenski aka fEnIo wrote:
> > . please forward it upstream
>
> Upstream knows it already and that was the reason to release 2.3.0 version.
But upstream probably doesn't know about the CVE id.
CAN-2005-nnnn a unique identifier for a vulnerability in a software
package. The database behind this is maintained at MITRE's Common
Vulnerabilities and Exposures project <http://cve.mitre.org/cve/>.
Details for such an id are available after a few days of quarantaine
at <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-nnnn>.
Many vendors (both propriatery and Free Software) participate in this
database and assign the id to vulnerability reports or updates they
produce. These IDs help us security people generally for identifying
if a given package is fixed or if a given update fixes which problem.
Please mention this ID in the changelog and/or project announcements.
Regards,
Joey
--
No question is too silly to ask, but, of course, some are too silly
to answer. -- Perl book
More information about the Secure-testing-team
mailing list