Re: Marking TEMP-* issues as resolved
Hi Mike,

On Wed, Sep 30, 2015 at 04:19:09AM +, Mike Gabriel wrote:
> Hi Guido,
>
> On So 27 Sep 2015 17:03:51 CEST, Guido Günther wrote:
>
> >Hi,
> >On Sun, Sep 27, 2015 at 10:42:20AM +0200, Salvatore Bonaccorso wrote:
> >>Hi Guido,
> >>
> >>On Sun, Sep 27, 2015 at 10:17:14AM +0200, Guido Günther wrote:
> >>> Hi,
> >>>
> >>> for the glibc update I'm preparing three issues that don't have a CVE
> >>> assigned yet so they can't be marked as resolved via the entry in
> >>> data/DLA/list. Is the correct way to tag these by just adding:
> >>>
> >>> [squeeze] - eglibc 2.11.3-4+deb6u7
> >>>
> >>> to the entries in data/CVE/list after the upload?
> >>
> >>yes, but please as well add a note so that once the CVE is assigned,
> >>the entry is moved to the correct data/{DSA,DLA}/list.
> >>
> >>Something like (no rule, but makes it easier to update once CVE
> >>assigned):
> >>
> >>> NOTE: Added workaround entry for DSA--1/DLA-XXX-1 until CVE
> >>> assigned.
> >
> >Done. Thanks!
> > -- Guido
>
> I just tried to learn from the above discussion and add that work-around
> note for libemail-address-perl (which I did now via rev36901).
>
> However, I could not find any work-around note for eglibc in the
> data/CVE/list, not in the file itself nor in the commit history.
>
> Is it possible that you forgot to actually commit that change (or such)? The
> commit directly after the above mail seems to be rev36841, but that only
> contains references to upstream fixes, not a reference from data/CVE/list to
> a DLA in data/DLA/list.

Have a look at revision 36863

It adds

    [squeeze] - eglibc 2.11.3-4+deb6u7
    NOTE: Added workaround entry for DLA-316-1 until CVE assigned.

(and removed previous [squeeze] - eglibc (Reason) lines for the
same CVE entry).

HTH,

Regards,
Salvatore

Re: Marking TEMP-* issues as resolved
Hi Guido,

On So 27 Sep 2015 17:03:51 CEST, Guido Günther wrote:

>Hi,
>On Sun, Sep 27, 2015 at 10:42:20AM +0200, Salvatore Bonaccorso wrote:
>>Hi Guido,
>>
>>On Sun, Sep 27, 2015 at 10:17:14AM +0200, Guido Günther wrote:
>>> Hi,
>>>
>>> for the glibc update I'm preparing three issues that don't have a CVE
>>> assigned yet so they can't be marked as resolved via the entry in
>>> data/DLA/list. Is the correct way to tag these by just adding:
>>>
>>> [squeeze] - eglibc 2.11.3-4+deb6u7
>>>
>>> to the entries in data/CVE/list after the upload?
>>
>>yes, but please as well add a note so that once the CVE is assigned,
>>the entry is moved to the correct data/{DSA,DLA}/list.
>>
>>Something like (no rule, but makes it easier to update once CVE
>>assigned):
>>
>>> NOTE: Added workaround entry for DSA--1/DLA-XXX-1 until CVE
>>> assigned.
>
>Done. Thanks!
> -- Guido

I just tried to learn from the above discussion and add that work-around
note for libemail-address-perl (which I did now via rev36901).

However, I could not find any work-around note for eglibc in the
data/CVE/list, not in the file itself nor in the commit history.

Is it possible that you forgot to actually commit that change (or such)? The
commit directly after the above mail seems to be rev36841, but that only
contains references to upstream fixes, not a reference from data/CVE/list to
a DLA in data/DLA/list.

Just curious and eager to learn more about the workflow of Debian security
and LTS,

Mike

--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

Re: Marking TEMP-* issues as resolved
Hi,

On Sun, Sep 27, 2015 at 10:42:20AM +0200, Salvatore Bonaccorso wrote:
> Hi Guido,
>
> On Sun, Sep 27, 2015 at 10:17:14AM +0200, Guido Günther wrote:
> > Hi,
> >
> > for the glibc update I'm preparing three issues that don't have a CVE
> > assigned yet so they can't be marked as resolved via the entry in
> > data/DLA/list. Is the correct way to tag these by just adding:
> >
> > [squeeze] - eglibc 2.11.3-4+deb6u7
> >
> > to the entries in data/CVE/list after the upload?
>
> yes, but please as well add a note so that once the CVE is assigned,
> the entry is moved to the correct data/{DSA,DLA}/list.
>
> Something like (no rule, but makes it easier to update once CVE
> assigned):
>
> > NOTE: Added workaround entry for DSA--1/DLA-XXX-1 until CVE
> > assigned.

Done. Thanks!
 -- Guido

Re: Marking TEMP-* issues as resolved
Hi Guido,

On Sun, Sep 27, 2015 at 10:17:14AM +0200, Guido Günther wrote:
> Hi,
>
> for the glibc update I'm preparing three issues that don't have a CVE
> assigned yet so they can't be marked as resolved via the entry in
> data/DLA/list. Is the correct way to tag these by just adding:
>
> [squeeze] - eglibc 2.11.3-4+deb6u7
>
> to the entries in data/CVE/list after the upload?

yes, but please as well add a note so that once the CVE is assigned,
the entry is moved to the correct data/{DSA,DLA}/list.

Something like (no rule, but makes it easier to update once CVE
assigned):

> NOTE: Added workaround entry for DSA--1/DLA-XXX-1 until CVE
> assigned.

Regards,
Salvatore
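
Added example, not part of the original thread and not the security tracker's own code: a small checker that finds entries carrying the workaround NOTE discussed above and flags those whose CVE id has since been assigned, so the fix can be moved to the advisory entry. The header-line layout, the sample data and the names `workaround_entries`, `SAMPLE` and `move_to_advisory_list` are assumptions made for illustration.

```python
import re

# Constructed excerpt. The indented lines follow the thread; the header
# lines (and "CVE-2015-XXXX [...]" for an issue without an id) are assumed.
SAMPLE = (
    "CVE-2015-XXXX [eglibc: constructed placeholder, no CVE id yet]\n"
    "\t[squeeze] - eglibc 2.11.3-4+deb6u7\n"
    "\tNOTE: Added workaround entry for DLA-316-1 until CVE assigned.\n"
    "CVE-2015-0000 (constructed placeholder, id assigned since)\n"
    "\t[squeeze] - examplepkg 1.0-1+deb6u1\n"
    "\tNOTE: Added workaround entry for DLA-XXX-1 until CVE assigned.\n"
    "CVE-2015-0001 (constructed placeholder, no workaround note)\n"
    "\t[squeeze] - otherpkg 2.0-1+deb6u1\n"
)

HEADER = re.compile(r"^(CVE-\d{4}-\S+)")
FIXED = re.compile(r"^\s+\[(\w+)\] - (\S+) (\S+)\s*$")
NOTE = re.compile(
    r"^\s+NOTE: Added workaround entry for ((?:DSA|DLA)-\S+) until CVE")
ASSIGNED = re.compile(r"^CVE-\d{4}-\d{4,}$")


def workaround_entries(text):
    """Return entries carrying the workaround NOTE, flagged for clean-up."""
    entries, current = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = {"id": header.group(1), "fixed": [], "advisory": None}
            entries.append(current)
        elif current is not None:
            fixed, note = FIXED.match(line), NOTE.match(line)
            if fixed:
                current["fixed"].append(fixed.groups())
            elif note:
                current["advisory"] = note.group(1)
    flagged = [e for e in entries if e["advisory"]]
    for e in flagged:
        # Once a real CVE id exists the workaround lines are stale and the
        # id belongs on the advisory's entry in data/{DSA,DLA}/list.
        e["move_to_advisory_list"] = bool(ASSIGNED.match(e["id"]))
    return flagged


if __name__ == "__main__":
    for e in workaround_entries(SAMPLE):
        state = "move" if e["move_to_advisory_list"] else "keep"
        print(e["id"], e["advisory"], e["fixed"], state)
```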