On Wed 2024/11/27 23:21:42-0800 (PST), Salvatore Bonaccorso wrote:
Hi Hong,
On Tue, Nov 26, 2024 at 11:29:58PM -0800, Hong Xu wrote:
I am a maintainer of the upstream of editorconfig. I added
CVE-2024-53849 to the CVE database today. This is related to the
editorconfig package in Debian.
Additionally, the security fix was available about 9 months ago, in
case this information matters (only realized it wasn't in CVE today,
my bad).
Yes thanks a lot. We are tracking the CVE as
https://security-tracker.debian.org/tracker/CVE-2024-53849
Thanks Salvatore. In the future, should I always report new CVE items from
packages maintained by me to this mailing list? Or, should I trust the Debian
Security Team would associate new items in CVE with Debian packages? I couldn't
find related information on the website...
Hong
