On Wed, Oct 09 2024, Guillem Jover wrote: > It would be nice if you could retroactively include references to > the three CVEs in that changelog entry: > > CVE-2022-23491, CVE-2023-37920, CVE-2024-39689 > > So that the security tracker can automatically mark them as fixed.
I plan on editing the security tracker directly, but currently we're discussing the "not affected" vs. "no DSA" semantics. > As an aside, we use «dfsg» when repackaging sources that contain > problematic files due to license or copyright issues. When repacking > for other reasons, the convention is to use instead «ds» (for Debian > Source), sometimes with an iteration number appended such as «ds1». > To avoid confusion perhaps on the next upstream release upload you > could switch the suffix? :) You're absolutely right... I'll have to remember to do just that! Cheers, -- Seb
