On Sat, Jan 24, 2015 at 11:04 AM, Salvatore Bonaccorso <car...@debian.org> wrote: > On Sat, Jan 24, 2015 at 10:50:11AM +0100, Salvatore Bonaccorso wrote: >> and the directory traversal via file rename does not seem to have a >> CVE yet? (retitling back this subject just to avoid confusion). > > I have requested a CVE for this one at > http://www.openwall.com/lists/oss-security/2015/01/24/2 OK, but please note that there are three CVE number requests now[1][2][3]. Fixes are released and the packaging is ready. Should I wait for the CVE number assignment to note those in changelog or better if I upload the new version?
Regards, Laszlo/GCS [1] https://security-tracker.debian.org/tracker/TEMP-0000000-064450 [2] https://security-tracker.debian.org/tracker/TEMP-0775873-B5D91A [3] https://security-tracker.debian.org/tracker/TEMP-0775901-CA9436 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
