Hi! On Sat, Aug 27, 2016 at 02:58:13PM +0530, Pirate Praveen wrote: > On Thu, 25 Aug 2016 21:44:23 +0200 Salvatore Bonaccorso > <car...@debian.org> wrote: > > Control: fixed -1 4.2.0-1 > > Hi > > > > This seems to have been addressed in 4.2.0 upstream (which was > > uploaded to experimental), but the debian/changelog does not mention > > the bug closer nor the CVE id; any reason for that or just an > > oversight? > > It was just an oversight, as my focus was to match dependency > requirement of gitlab 8.10.5. Can I add this number in 4.2.0-2?
Sure, the CVE identifier can be added retrospecitively to the 4.2.0-1 changelog in any subsequent upload (just to keep the history). In any case I have already updated the security-tracker information. Thanks a lot! Regards, Salvatore
