From 42edb6f561a6f0efcd4bf1115482862acc554eae Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 13 Nov 2016 12:53:28 +0000
Subject: Document CVE Request syntax

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@46157 e39458fd-73e7-0310-bf30-c45bca0a0e42
---
 doc/security-team.d.o/security_tracker | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'doc')

diff --git a/doc/security-team.d.o/security_tracker b/doc/security-team.d.o/security_tracker
index d8987966a3..2ca20f5714 100644
--- a/doc/security-team.d.o/security_tracker
+++ b/doc/security-team.d.o/security_tracker
@@ -437,6 +437,14 @@ entry in the upstream bug tracker, or a bug in the Debian BTS.  If the
 issue is likely present in unstable, a bug should be filed to help the
 maintainer to track it.
 
+If a CVE is requested and found unter a particular URL, please add a NOTE
+as follows:
+
+            NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/11/13/1
+
+Once a CVE is assigned, the 'CVE Request: ' only or the whole line might be
+cleaned up.
+
 Lack of CVE entries should not block advisory publication which are
 otherwise ready, but we should strive to release fully
 cross-referenced advisories nevertheless.
-- 
cgit v1.2.3