[Secure-testing-team] [Secure-testing-commits] r12531 - data/CVE
Nico Golde
debian-secure-testing+ml at ngolde.de
Sun Aug 9 17:02:49 UTC 2009
Hi,
* Michael S. Gilbert <michael.s.gilbert at gmail.com> [2009-08-09 18:42]:
> On Sun, 9 Aug 2009 13:56:23 +0000 Nico Golde wrote:
>
> > Author: nion
> > Date: 2009-08-09 13:56:23 +0000 (Sun, 09 Aug 2009)
> > New Revision: 12531
> >
> > Modified:
> > data/CVE/list
> > Log:
> > add todos for new items, please do that as well next time
> >
> > Modified: data/CVE/list
> > ===================================================================
> > --- data/CVE/list 2009-08-09 13:55:11 UTC (rev 12530)
> > +++ data/CVE/list 2009-08-09 13:56:23 UTC (rev 12531)
> > @@ -4,11 +4,13 @@
> > - rubygems <not-affected>
> > NOTE: debian's version installs gems packages to /var/lib/gems,
> > NOTE: so no opportunity to overwrite system files
> > + TODO: request CVE id
>
> ok, is a mail to oss-sec like yours sufficient? also, i thought there
> were going to be some workflow changes where the security team could
> autonomously assign a CVE from a pool allocated to debian. are there
> any formal plans for that? or would that only be done along with a DSA?
Sorry misunderstanding, I was just referring to the TODO
entries. Just add those TODOs in the future and you'll be
fine. Just want to make sure nothing is missing later.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20090809/b0cb6700/attachment.pgp>
More information about the Secure-testing-team
mailing list