Hi!
On Sat, Jan 24, 2015 at 11:17:03AM +0100, László Böszörményi (GCS) wrote:
> On Sat, Jan 24, 2015 at 11:04 AM, Salvatore Bonaccorso
> <car...@debian.org> wrote:
> > On Sat, Jan 24, 2015 at 10:50:11AM +0100, Salvatore Bonaccorso wrote:
> >> and the directory traversal via file rename does not seem to have a
> >> CVE yet? (retitling back this subject just to avoid confusion).
> >
> > I have requested a CVE for this one at
> > http://www.openwall.com/lists/oss-security/2015/01/24/2
> OK, but please note that there are three CVE number requests
> now[1][2][3]. Fixes are released and the packaging is ready. Should I
> wait for the CVE number assignment to note those in changelog or
> better if I upload the new version?
IMO, if you have patches ready to fix these issues, you can go ahead
with an upload if CVEs are not assigned by then, since for all but one
we have also a reference in the BTS identifying the issue.
Regards,
Salvatore
p.s.: don't use the TEMP names in the changelog, since they can change
over time.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
