Your message dated Thu, 6 Oct 2016 21:25:29 +0200
with message-id <[email protected]>
and subject line libarchive: upstream metadata already fixed
has caused the Debian Bug report #828747,
regarding libarchive: Add CPE IDs in upstream/metadata
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
828747: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828747
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: src:libarchive
Version: 3.2.1-1
Severity: wishlist
Tags: patch
Hi. I've been working for a while on a system to make it easier to
track security issues in Debian by mapping packages to the CPE IDs used
to identify affected packages for individual CVEs. Would you be willing
to add the relevant CPE IDs to the source package using the following
patch?
diff --git a/debian/upstream/metadata b/debian/upstream/metadata
--- /dev/null
+++ b/debian/upstream/metadata
@@ -0,0 +1 @@
+CPE: cpe:/a:freebsd:libarchive cpe:/a:libarchive:libarchive
The first one was the first CPE associated with libarchive I am aware of
(from 2006), and the second is the more recent one.
--
Happy hacking
Petter Reinholdtsen
--- End Message ---
--- Begin Message ---
Version: 3.2.1-2
The supplied patch should already be part of the version in the archive.
Unfortunately it seems it was forgotten to be mentioned in
debian/changelog. Closing this bug report now.
Regards,
Andreas
--- End Message ---
