Security update process without CVEs

Dan Scott denials at
Tue Jan 21 22:09:54 UTC 2014


On Tue, Jan 21, 2014 at 4:31 PM, Eric H. Christensen
<sparks at> wrote:
> Hash: SHA512
> On Tue, Jan 21, 2014 at 04:26:19PM -0500, Dan Scott wrote:
>> I tried following
>> but it appears to depend on waiting on a CVE, which upstream did not
>> yet have... but upstream had already pushed the new release to CPAN.
> You may be able to request the CVE yourself.  I'm trying to contact the guy that handles those things for FOSS but a netsplit is keeping me from talking to him at the moment.

Thanks; upstream had already submitted the request for a CVE. They
just hadn't received it yet.

More information about the devel mailing list