Security update process without CVEs

Dan Scott denials at gmail.com
Tue Jan 21 22:09:54 UTC 2014


Eric:

On Tue, Jan 21, 2014 at 4:31 PM, Eric H. Christensen
<sparks at fedoraproject.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On Tue, Jan 21, 2014 at 04:26:19PM -0500, Dan Scott wrote:
>> I tried following
>> https://fedoraproject.org/wiki/Security_Tracking_Bugs?rd=Security/TrackingBugs
>> but it appears to depend on waiting on a CVE, which upstream did not
>> yet have... but upstream had already pushed the new release to CPAN.
>
> You may be able to request the CVE yourself.  I'm trying to contact the guy that handles those things for FOSS but a netsplit is keeping me from talking to him at the moment.

Thanks; upstream had already submitted the request for a CVE. They
just hadn't received it yet.


More information about the devel mailing list