Hi Gregory, * Gregory Colpart <[EMAIL PROTECTED]> [2008-07-27 18:49]: > On Sun, Jul 27, 2008 at 05:38:20PM +0200, Nico Golde wrote: > > > > I can't see an old CVE id describing this problem, is a new CVE > > > > id needed for this one? > > > > > > There is no CVE id for it. I'm not sure Debian needs a new CVE id > > > because upstream said only Horde 3.2 and Turba 2.2 are affected > > > (this versions are *not* in Debian). > > > > But they were in the archive and other vendors might still have them in > > their archive. I also added 2.2.1-1 as the fixed version in > > the security tracker and requested a CVE id. > > No, these versions were never in the archive. > But yes, other vendors could be affected.
Now I am confused why you opened the bug report then :) Anyway, every security issue should get a CVE id. Even if no version in Debian was affected by this it helps us to track the security issue. > > P.S. Please mention such fixes as security fixes in the > > changelog next time so we can get them easier on our > > radars. > > Even if the version affected was not in Debian? No, sure not. I just saw you mentioned it in the turba changelog (not as security fix) and not in the horde changelog. Cheers Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpZoGvcS6ZpA.pgp
Description: PGP signature
