On Wed, Sep 07, 2016 at 09:10:16PM +0200, Moritz Muehlenhoff wrote: > > So, you've identified the upstream fix for CVE-2016-6293 and why does > that not get commited to the security tracker? > > That really sucks. LTS development almost fully relies on the > security tracker, so why don't you submit generic vulnerability information > you come across? > I was not aware that I needed to do that. It is not documented anywhere in the LTS workflow [0] or in the security tracker itself [1].
Please let me know how I go about adding this to the security tracker and I will. Regards, -Roberto [0] https://wiki.debian.org/LTS/Development [1] https://security-tracker.debian.org/tracker/ -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com