On 10 November 2018 7:39:07 PM IST, Holger Levsen <hol...@layer-acht.org> wrote:
>On Sat, Nov 10, 2018 at 06:08:38PM +0530, Abhijith PA wrote:
>> What we should do when we miss to specify a CVE ID in a DLA/DSA ?
>
>I'd say definitly update DLA/list and CVE/list in security-tracker.git
OK
>> Can we
>> just normally insert in next advisory release.? For eg: DLA-478-1[1]
>> released for squid3 on 16 May 2016 missed to mention 'CVE-2016-3948'.
>
>You want to include this info in the next squid3 DLA? I'm not sure this
>is useful, but I'm also not not sure this is what you meant.
I just meant for the public record (other than security tracker). But its a
stupid question, sorry.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
