author | Florian Weimer <fw@deneb.enyo.de> | 2009-02-27 19:17:20 +0000 |
---|---|---|
committer | Florian Weimer <fw@deneb.enyo.de> | 2009-02-27 19:17:20 +0000 |
commit | 2821dc601f748ed8d8bc7020433c5f4416a80179 (patch) | |
tree | a7a63963d535b785aac745b36e6cd1302f6d3a7e /doc/narrative_introduction | |
parent | 5a84b581b7e03b74fe7dd8ad49b6d629728644eb (diff) |
CVE-20yy-XXXX documentation
Feel free to edit if necessary.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@11279 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'doc/narrative_introduction')
-rw-r--r-- | doc/narrative_introduction | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/doc/narrative_introduction b/doc/narrative_introduction index aa06eb4ef0..3d154265c4 100644 --- a/doc/narrative_introduction +++ b/doc/narrative_introduction @@ -297,6 +297,30 @@ STABLE11 and ...) NOTE: Bug was introduced in a patch to squid-2.5.STABLE10, NOTE: this patch was never applied to the Debian package. +CVE assignments +--------------- + +Debian can only assign CVE names from its own pool for issues which +are not public. To request a CVE from the Debian pool, write to +<security@debian.org> and include a description which follows CVE +conventions. To request a CVE for public issues, write to MITRE and +possibly to the moderated oss-security list. In the meantime, you can +add an entry of the form + +CVE-2009-XXXX [optipng array overflow] + - optipng 0.6.2.1-1 (low) + NOTE: http://secunia.com/advisories/34035/ + +in the data/CVE/list file. It is desirable to include references +which uniquely identify the issue, such as a permanent link to an +entry in the upstream bug tracker, or a bug in the Debian BTS. If the +issue is likely present in unstable, a bug should be filed to help the +maintainer to track it. + +Lack of CVE entries should not block advisory publication which are +otherwise ready, but we should strieve to release fully +cross-referenced advisories nevertheless. + Distribution tags ----------------- Our data is primarily targeted at sid, as we track the version that @@ -412,5 +436,4 @@ helps!) TODO: document DTSAs document tsck -document CVE-XXXX document tracked tag |
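Review bot: The closing paragraph of the new "CVE assignments" section has a typo and an agreement error: "strieve" should be "strive", and "advisory publication which are otherwise ready" mixes singular and plural. Suggested wording: "Lack of CVE entries should not block publication of advisories which are otherwise ready, but we should strive to release fully cross-referenced advisories nevertheless." Separately, the section says a CVE-2009-XXXX entry can be added to data/CVE/list "in the meantime" but never says what happens to that entry once a real name is assigned; one sentence on replacing the placeholder would complete the procedure. The example also hard-codes 2009 while the commit subject uses CVE-20yy-XXXX, so it would help to state which year belongs in the placeholder.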