Hi Brian, On Fri, Apr 06, 2018 at 07:06:30PM +1000, Brian May wrote: > Ola Lundqvist <[email protected]> writes: > > > This is what I think we should do. > > > > 1) Send a new DLA telling that the fix is only partial and not complete and > > in addtion that elgamal encryption is not supported by the library and > > should not be used. > > > > 2) Mark the CVE as no-dsa/ignored in the security database. > > If so, do we update the DLA 1283-1 to remove the fixed status? I assume > we just have to update the entry in security-tracker/data/DLA/list?
Yes if that what you want to do, to remove the fixed status, just remove the CVE entry from the DLA-1283-1 block in data/DLA/list. At same time remove as well the cross-reference to DLA-1283-1 in data/CVE/list, which OTOH otherwise will be dropped on next automatic run. Regards, Salvatore
