[Secure-testing-team] Proposed syntax changes for CAN/list /
finalization phase
Joey Hess
joeyh at debian.org
Sat Sep 24 16:28:48 UTC 2005
Moritz Muehlenhoff wrote:
> 6. For syntactical clarity cross references in {} should only be allowed directly
> after the CVE line.
Agreed for CVEs (also already enforced by updatelist IIRC), but for
DSAs, see DSA-573-1 of an example of a DSA that was complex enough in
what it affected that it made sense to list the CVE references
separately:
[21 Oct 2004] DSA-573-1 cupsys - integer overflows
{CAN-2004-0888}
- cupsys 1.1.20final+rc1-10
{CAN-2004-0889}
- xpdf 3.00-10
NOTE: kpdf and kfax are fixed in sarge, bug #278173 and #280373 for reference
- kpdf 4:3.3.1-1
- gpdf 2.8.0-1
- kfax 4:3.3.1-1
--
see shy jo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20050924/fd97cbfa/attachment.pgp
More information about the Secure-testing-team
mailing list