On Mon, May 23, 2011 at 11:39 PM, Nikolaus Rath <[email protected]> wrote:
> http://packages.qa.debian.org/f/fuse.html reports 4 open security > issues. I prepared an upload that fixes them, but how do I tell the > package tracking system that they are fixed? There seem to be no > associated debian BTS numbers. You can find the associated bug numbers on the individual CVEs: http://security-tracker.debian.org/tracker/CVE-2010-3879 => #602333 http://security-tracker.debian.org/tracker/CVE-2011-0541 => #624551 http://security-tracker.debian.org/tracker/CVE-2011-0542 => #624551 http://security-tracker.debian.org/tracker/CVE-2011-0543 => #624551 Be sure to mention the CVE numbers in debian/changelog for the upload that fixes them. Also check out the sections of the devref dealing with security issues: http://www.debian.org/doc/manuals/developers-reference/pkgs.html#s5.6.4 http://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security -- bye, pabs http://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
