Re: Marking TEMP-* issues as resolved
Hi Mike,
On Wed, Sep 30, 2015 at 04:19:09AM +, Mike Gabriel wrote:
> Hi Guido,
>
> On So 27 Sep 2015 17:03:51 CEST, Guido Günther wrote:
>
> >Hi,
> >On Sun, Sep 27, 2015 at 10:42:20AM +0200, Salvatore Bonaccorso wrote:
> >>Hi Gudio,
> >>
> >>On Sun, Sep 27, 2015 at 10:17:14AM +0200, Guido Günther wrote:
> >>> Hi,
> >>>
> >>> for the glibc update I'm preparing three issues that don't have a CVE
> >>> assigned yet so they can't be marked as resolved via the entry in
> >>> data/DLA/list. Is the correct way to tag these by just adding:
> >>>
> >>> [squeeze] - eglibc 2.11.3-4+deb6u7
> >>>
> >>> to the entries in data/CVE/list after the upload?
> >>
> >>yes, but please as well ad a note so that once the CVE is assigned,
> >>the entry is moved to the correct data/{DSA,DLA}/list.
> >>
> >>Something like (no rule, but makes it easier to update once CVE
> >>assigned):
> >>
> >>> NOTE: Added workaround entry for DSA--1/DLA-XXX-1 until CVE
> >>> assigned.
> >
> >Done. Thanks!
> > -- Guido
>
> I just tried to learn from the above discussion and add that work-around
> note for libemail-address-perl (which I did now via rev36901).
>
> However, I could not find any work-around note for eglibc in the
> data/CVE/list, not in the file itself nor in the commit history.
>
> Is it possible that you forgot to actually commit that change (or such)? The
> commit directly after the above mail seems to be rev36841, but that only
> contains references to upstream fixes, not a reference from data/CVE/list to
> a DLA in data/DLA/list.
Have a look at revision 36863
It adds
[squeeze] - eglibc 2.11.3-4+deb6u7
NOTE: Added workaround entry for DLA-316-1 until CVE assigned.
(and removed previous [squeeze] - eglibc (Reason) lines for
the same CVE entry).
HTH,
Regards,
Salvatore
Re: Marking TEMP-* issues as resolved
Hi Guido,
On So 27 Sep 2015 17:03:51 CEST, Guido Günther wrote:
Hi,
On Sun, Sep 27, 2015 at 10:42:20AM +0200, Salvatore Bonaccorso wrote:
Hi Gudio,
On Sun, Sep 27, 2015 at 10:17:14AM +0200, Guido Günther wrote:
> Hi,
>
> for the glibc update I'm preparing three issues that don't have a CVE
> assigned yet so they can't be marked as resolved via the entry in
> data/DLA/list. Is the correct way to tag these by just adding:
>
> [squeeze] - eglibc 2.11.3-4+deb6u7
>
> to the entries in data/CVE/list after the upload?
yes, but please as well ad a note so that once the CVE is assigned,
the entry is moved to the correct data/{DSA,DLA}/list.
Something like (no rule, but makes it easier to update once CVE
assigned):
> NOTE: Added workaround entry for DSA--1/DLA-XXX-1 until CVE
> assigned.
Done. Thanks!
-- Guido
I just tried to learn from the above discussion and add that
work-around note for libemail-address-perl (which I did now via
rev36901).
However, I could not find any work-around note for eglibc in the
data/CVE/list, not in the file itself nor in the commit history.
Is it possible that you forgot to actually commit that change (or
such)? The commit directly after the above mail seems to be rev36841,
but that only contains references to upstream fixes, not a reference
from data/CVE/list to a DLA in data/DLA/list.
Just curious and eager to learn more about the workflow of Debian
security and LTS,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
pgptakRsUo9yk.pgp
Description: Digitale PGP-Signatur
Re: Marking TEMP-* issues as resolved
Hi,
On Sun, Sep 27, 2015 at 10:42:20AM +0200, Salvatore Bonaccorso wrote:
> Hi Gudio,
>
> On Sun, Sep 27, 2015 at 10:17:14AM +0200, Guido Günther wrote:
> > Hi,
> >
> > for the glibc update I'm preparing three issues that don't have a CVE
> > assigned yet so they can't be marked as resolved via the entry in
> > data/DLA/list. Is the correct way to tag these by just adding:
> >
> > [squeeze] - eglibc 2.11.3-4+deb6u7
> >
> > to the entries in data/CVE/list after the upload?
>
> yes, but please as well ad a note so that once the CVE is assigned,
> the entry is moved to the correct data/{DSA,DLA}/list.
>
> Something like (no rule, but makes it easier to update once CVE
> assigned):
>
> > NOTE: Added workaround entry for DSA--1/DLA-XXX-1 until CVE
> > assigned.
Done. Thanks!
-- Guido
Re: Marking TEMP-* issues as resolved
Hi Gudio,
On Sun, Sep 27, 2015 at 10:17:14AM +0200, Guido Günther wrote:
> Hi,
>
> for the glibc update I'm preparing three issues that don't have a CVE
> assigned yet so they can't be marked as resolved via the entry in
> data/DLA/list. Is the correct way to tag these by just adding:
>
> [squeeze] - eglibc 2.11.3-4+deb6u7
>
> to the entries in data/CVE/list after the upload?
yes, but please as well ad a note so that once the CVE is assigned,
the entry is moved to the correct data/{DSA,DLA}/list.
Something like (no rule, but makes it easier to update once CVE
assigned):
> NOTE: Added workaround entry for DSA--1/DLA-XXX-1 until CVE
> assigned.
Regards,
Salvatore
