Hi Daniel,
On 03/10/2024 21:47, Daniel Leidert wrote:
I just became aware that a new unbound version was released just now
that fixes a vulnerability (CVE-2024-8508) that is not yet listed in
the tracker. What are the proceedings to get it listed/evaluated?
Salvatore just added it :)
https://salsa.debian.org/freexian-team/extended-lts/security-tracker/-/commit/b06702662e7ff1656e64e11c18900b74edb63ea1
Within an hour, the web tracker will be updated.
https://deb.freexian.com/extended-lts/tracker/CVE-2024-8508
More generally newly published CVEs are grabbed twice a day from MITRE
and checked by the Debian Security Team, or added manually before that
by them (which is the case here).
Cheers!
Sylvain
