The Mitre update typically manifests in new CVE entries. So what we do
is to update our svn repository and then edit data/CVE/list and look
for new TODO entries. These will often be in blocks of 10-50 or so,
depending on how many new issues they have assigned. Depending on how
you feel you will "claim" a block of say 10 new entries by putting
your name in the file at the beginning and the end of the new TODO
entries and then commit the repository. This looks like this:

begin claimed by jmm
CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP
usernames and ...)
	TODO: check
CVE-2005-4065 (SQL injection vulnerability in the search module in
Edgewall Trac ...)
	TODO: check
CVE-2005-4030 (SQL injection vulnerability in Quicksilver Forums
before 1.5.1 allows ...)
	TODO: check
end claimed by jmm

Once these are checked in, others will not work on these TODO issues.

IMPORTANT: make sure to read:
http://lists.alioth.debian.org/pipermail/secure-testing-team/2009-May/002394.html


Issues Not-For-Us (NFU)
-----------------------

Processing your claimed entries is done by first seeing if the issue
is related to any software packaged in Debian. If it isn't a package
in Debian and has no ITP then you note that in the file with a
'NOT-FOR-US:' tag. Third-party modules that are not yet packaged for
Debian are also tagged as NFU, even if their parent software is
packaged for Debian. The module names should be mentioned in the NFU
note in order to make the issue apparent if that module should ever
receive a proper package. Another case are meta packages that only
provide a downloader (e.g. flashplugin-nonfree). There is no way to
mark such packages as we have no influence on the version and
technically the code is not present in Debian.

Example:

See "bin/check-new-issues -h". For the search functions in
check-new-issues to work, you need to have unstable in your
sources.list and have done "apt-get update" and "apt-file update".
Having libterm-readline-gnu-perl installed helps, too. Unfortunately,
check-new-issues does not yet support the "claimed by" tags mentioned
above.

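As an added example (not part of the security tracker or its check-new-issues script), a small Python parser for the data/CVE/list layout shown above that does recognise the "claimed by" markers: it lists the TODO entries nobody has claimed yet and collects the NOT-FOR-US notes. It assumes the layout described above with status lines indented by a tab; the sample text is constructed and CVE-2005-0000 is a placeholder id.

```python
import re
# Layout assumed from the narrative above (the real file is tab-indented):
# 'CVE-YYYY-NNNN (description ...)' header, unindented wrapped description
# lines, indented status lines ('TODO: check', 'NOT-FOR-US: ...'), optionally
# between 'begin claimed by X' / 'end claimed by X' markers.
CVE_HEADER = re.compile(r"^(CVE-\d{4}-\d{4,})\s*(.*)$")
CLAIM_MARK = re.compile(r"^(begin|end) claimed by (\S+)$")

def parse_cve_list(text):
    """Return a list of {id, description, status, claimed_by} dicts."""
    entries, current, claimer = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := CLAIM_MARK.match(line):  # enter or leave a claimed block
            claimer = m.group(2) if m.group(1) == "begin" else None
        elif m := CVE_HEADER.match(line):
            current = {"id": m.group(1), "description": m.group(2),
                       "status": [], "claimed_by": claimer}
            entries.append(current)
        elif current is not None and raw[:1] in ("\t", " "):
            current["status"].append(line)  # indented: a status/note line
        elif current is not None:
            current["description"] += " " + line  # wrapped description text
    return entries

def unclaimed_todos(entries):
    """IDs still marked 'TODO: check' that nobody has claimed."""
    return [e["id"] for e in entries
            if "TODO: check" in e["status"] and e["claimed_by"] is None]

def not_for_us(entries):
    """Map NFU entry IDs to the text after the NOT-FOR-US tag."""
    return {e["id"]: s.split(":", 1)[1].strip()
            for e in entries for s in e["status"] if s.startswith("NOT-FOR-US:")}

# Constructed sample in the layout above; CVE-2005-0000 is a placeholder id.
SAMPLE = """\
begin claimed by jmm
CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP
usernames and ...)
\tTODO: check
end claimed by jmm
CVE-2005-4030 (SQL injection vulnerability in Quicksilver Forums
before 1.5.1 allows ...)
\tTODO: check
CVE-2005-0000 (placeholder: flaw in a third-party module for WordPress)
\tNOT-FOR-US: example-module for WordPress (WordPress itself is packaged)
"""
```

Running `unclaimed_todos(parse_cve_list(SAMPLE))` on the sample reports only CVE-2005-4030, since the first entry sits inside jmm's claimed block.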
Please also make sure to check the wnpp list for possible <itp> items and
the ftp-master removal list to see if the issue may have been present in the past