Thanks a lot! // Ola
On Thu, May 26, 2016 at 12:32 PM, Salvatore Bonaccorso <car...@debian.org> wrote: > Hi Ola, > > On Thu, May 26, 2016 at 12:27:32PM +0200, Ola Lundqvist wrote: > > Hi Salvatore > > > > Thanks for quick answer. > > > > Yes I have seen that and uploaded to the archive. I guess it has not been > > processed yet. > > > > A CVE request was made half a year ago, but none assigned that I could > find. > > Yes seen that. You might follow-up on that and ask if it felt through > the cracks. > > > Regarding the addition if a line to data/CVE/list. Shall I add it to a > > dummy id because the format looks like it is > > CVE-XXX-XXX > > lines > > I just have commited the following to the security-tracker data: > > --- a/data/CVE/list > +++ b/data/CVE/list > @@ -13407,6 +13407,8 @@ CVE-2015-8560 (Incomplete blacklist vulnerability > in util.c in foomatic-rip in . > NOTE: http://www.openwall.com/lists/oss-security/2015/12/13/2 > CVE-2015-XXXX [ruby-mail: SMTP injection via recipient email addresses] > - ruby-mail 2.6.1+dfsg1-1 > + [wheezy] - ruby-mail 2.4.4-2+deb7u1 > + NOTE: Workaround entry for DLA-489-1 (since no CVE for this issue) > NOTE: > https://github.com/mikel/mail/commit/72befdc4dab3e6e288ce226a7da2aa474cf5be83 > NOTE: CVE Request: > http://www.openwall.com/lists/oss-security/2015/12/11/3 > NOTE: Fixed in 2.6.0 > > HTH, > > Regards, > Salvatore > -- --- Inguza Technology AB --- MSc in Information Technology ---- / o...@inguza.com Folkebogatan 26 \ | o...@debian.org 654 68 KARLSTAD | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---------------------------------------------------------------
