Bug#447081: This bug has a CVE
On 27.12.07 Norbert Preining (preining@logic.at) wrote:
> On Do, 27 Dez 2007, Hilmar Preusse wrote:
Hi,
> > > Bug was assigned CVE-2007-5935
> > >
> > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5935
> > >
> > just noticed that Norbert put that # into the changelog:
> >
> > * fix segfault of dvips -z on amd64 (patch applied upstream),
> > thanks to Bastien Roucaries for finding and providing a patch
> > (Closes: #447081)
> >
> > It seems that entry is not yet mentioned in the official package, but
> > it is in the SVN.
>
> ??? how ??? that fix went into texlive-bin (2007.dfsg.1-1) which was
> released on 2007-11-1. There the bug number was already mentioned, see
> commit 3122, or the diff to the prev version of changelog:
> http://svn.debian.org/viewsvn/debian-tex/texlive-new/trunk/texlive-bin/debian/changelog?rev=3122&r1=3110&r2=3122
>
> The only thing what I did *afterwards* was do add the CVE number.
> The Debian bug number was mentioned.
>
Exactly: you can't list a CVE number if there isn't assigned one yet.
So, what you did is fine. I'm sorry for the confusion!
H.
--
sigmentation fault
Reply to: