Bug#447081: This bug has a CVE

[Hilmar Preusse <hille42@web.de>]

On 27.12.07 Norbert Preining (preining@logic.at) wrote:
> On Do, 27 Dez 2007, Hilmar Preusse wrote:

Hi,

> > > Bug was assigned CVE-2007-5935
> > > 
> > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5935
> > > 
> > just noticed that Norbert put that # into the changelog:
> > 
> >   * fix segfault of dvips -z on amd64 (patch applied upstream),
> >     thanks to Bastien Roucaries for finding and providing a patch
> >     (Closes: #447081)
> > 
> > It seems that entry is not yet mentioned in the official package, but
> > it is in the SVN.
> 
> ??? how ??? that fix went into texlive-bin (2007.dfsg.1-1) which was
> released on 2007-11-1. There the bug number was already mentioned, see
> commit 3122, or the diff to the prev version of changelog:
> http://svn.debian.org/viewsvn/debian-tex/texlive-new/trunk/texlive-bin/debian/changelog?rev=3122&r1=3110&r2=3122
> 
> The only thing what I did *afterwards* was do add the CVE number.
> The Debian bug number was mentioned.
> 
Exactly: you can't list a CVE number if there isn't assigned one yet.
So, what you did is fine. I'm sorry for the confusion!

H.
-- 
sigmentation fault