On Sun, 9 Aug 2009 13:56:23 +0000 Nico Golde wrote: > Author: nion > Date: 2009-08-09 13:56:23 +0000 (Sun, 09 Aug 2009) > New Revision: 12531 > > Modified: > data/CVE/list > Log: > add todos for new items, please do that as well next time > > Modified: data/CVE/list > =================================================================== > --- data/CVE/list 2009-08-09 13:55:11 UTC (rev 12530) > +++ data/CVE/list 2009-08-09 13:56:23 UTC (rev 12531) > @@ -4,11 +4,13 @@ > - rubygems <not-affected> > NOTE: debian's version installs gems packages to /var/lib/gems, > NOTE: so no opportunity to overwrite system files > + TODO: request CVE id
ok, is a mail to oss-sec like yours sufficient? also, i thought there were going to be some workflow changes where the security team could autonomously assign a CVE from a pool allocated to debian. are there any formal plans for that? or would that only be done along with a DSA? mike _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
