Hi Salvatore,

I have gone through the repository that you shared with me and I found
that the information comes from "data/CVE/list". In the
doc/security-team.d.o/security_tracker file I could see the process of how
the CVEs are manipulated, the note preparation and all. But can I know what
criteria or process the maintainer uses to mark a CVE as "minor" or "medium"?
For your information, I am giving below an example which I have taken from the
doc/security-team.d.o/security_tracker file.

" If you are not sure about some decision (e.g., which package is affected) or
triaging (e.g., bug severity) you can leave a TODO note for reviewing,
explaining which aspect have to be reviewed. For example:

    CVE-2013-7295 (Tor before 0.2.4.20, when OpenSSL 1.x is used in ...)
            - tor 0.2.4.20-1 (low)
            [wheezy] - tor <no-dsa> (Minor issue) 
"
I just wanted to know how the maintainer is tagging it as "(Minor issue)" in the
note section. Is there any process that we follow to do this? I hope
you understood my query; it would be very helpful if you could clarify this
soon.


Regards 
Sarath P T


-----Original Message-----
From: P T, Sarath 
Sent: 14 February 2022 13:09
To: 'Salvatore Bonaccorso' <[email protected]>
Cc: [email protected]
Subject: RE: Source of the Notes of CVE id

Hi Salvatore,

Let me check the link that you shared. This will be very helpful information
for me. Thanks for the reply.

Regards 
Sarath pt


-----Original Message-----
From: Salvatore Bonaccorso [mailto:[email protected]] On Behalf Of 
Salvatore Bonaccorso
Sent: 14 February 2022 12:20
To: P T, Sarath <[email protected]>
Cc: [email protected]
Subject: Re: Source of the Notes of CVE id

Hi,

On Mon, Feb 14, 2022 at 04:55:35AM +0000, P T, Sarath wrote:
> Hi Team,
> 
> 
> It's a reminder of my query. Hope you will clear it soon!!

See
https://lists.debian.org/debian-security-tracker/2022/02/msg00016.html 

Regards,
Salvatore
