On Thu, Aug 11, 2022 at 11:08:49PM +0200, Evangelos Ribeiro Tzaras wrote:
> Hi Moritz,
>
> On Wed, 2022-08-10 at 22:08 +0200, Moritz Mühlenhoff wrote:
> > Source: sofia-sip
> > X-Debbugs-CC: t...@security.debian.org
> > Severity: grave
> > Tags: security
> >
> > Hi,
> >
> > The following vulnerabilities were published for sofia-sip.
>
> I will try to apply the patches and prepare a release!
>
> > CVE-2022-31001[0]:
> ...
> > CVE-2022-31002[1]:
> ...
> > CVE-2022-31003[2]:
> ...
> >
>
> > If you fix the vulnerabilities please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
>
> ACK.
> Is there a specific format needed when referencing the CVE?
Not really, just mention them in debian/changelog :-)
In addition we'll keep security-tracker.debian.org updated when the upload
reaches unstable.
Once the fix is in unstable (and if there are issues reported after a few
days) we can sort out an update for bullseye-security.
Cheers,
Moritz
