From 0627a311ba989a46b7046ed210b8d8dd43695c66 Mon Sep 17 00:00:00 2001 From: Luciano Bello Date: Sun, 26 Jan 2014 15:56:14 +0000 Subject: On TODO: check git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@25370 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- doc/narrative_introduction | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'doc/narrative_introduction') diff --git a/doc/narrative_introduction b/doc/narrative_introduction index 248885582f..0f84e4742f 100644 --- a/doc/narrative_introduction +++ b/doc/narrative_introduction @@ -391,6 +391,15 @@ CVE-2005-3990 (Directory traversal vulnerability in FastJar 0.93 allows remote ...) TODO: check, whether fastjar from the gcc source packages is affected +If you are not sure about some decision (e.g. which package is affected) or +classification (e.g. bug severity) you can leave a TODO note for reviewing, +explaining which aspect have to be reviewed. For example: + +CVE-2013-7295 (Tor before 0.2.4.20, when OpenSSL 1.x is used in ...) + - tor 0.2.4.20-1 (low) + [wheezy] - tor (Minor issue) + TODO: review, severity. The exploitation scenario is too complicated. + It is also useful to add information to issues as you find it, so that when others go to look at an issue and want to know why you marked it as you did, or need a reference, it will be there. The more -- cgit v1.2.3