Marcin Owsiany wrote:
> During fixing the bug in linki.py with upstream author, we have found
> and fixed similar and other security-related bugs in other
> user-contributed scripts.
>
> 1.6rc2 is released, which fixes them all. I want to upload it to
> unstable, and backport the fixes to stable. However before that, I would
> like to know whether I should request another CAN ID for the newly
> discovered bugs? I mean - what is best for you - the security teams in
> terms of tracking the bug later?
Having a CVE id before disclosure is always better.
However, whether a new CVE id is warranted depends on the problem.
Without details I can't tell.
Regards,
Joey
--
Reading is a lost art nowadays. -- Michael Weber
Please always Cc to me when replying to me on the lists.
_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
