On Tue, Jul 06, 2004 at 09:13:18PM +0200, Jeroen van Wolffelaar wrote: > On Tue, Jul 06, 2004 at 03:08:38PM -0400, Michael Stone wrote: > > On Tue, Jul 06, 2004 at 08:06:36PM +0200, Jeroen van Wolffelaar wrote: > > >As an example, take CAN-2004-0519, CAN-2004-0520 and CAN-2004-0521, all > > >three not yet solved in woody, but also not filed in the BTS (hm, two of > > >them directly refer to a patch[2][3] solving it...). > > > > Go ahead and file the bug. > > mdz told me this isn't done for practical reasons: the BTS isn't very > suitable for tracking which versions are affected, and a sid upload can > close such a bug while it's still in woody. While I think it'd still be > possible without too much hassle, if they don't want to do so, I'm not > going to interfere in that. > > For those two bugs, I'm simply mailing the security team myself, maybe > also file a bug, don't know yet.
You are free to file a bug, and sometimes this helps to get a response from the maintainer; just note that these bugs will generally not be used by the security team for tracking the status of the vulnerabilities. -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
