Am 11.04.2017 um 17:18 schrieb Salvatore Bonaccorso: > Hi Markus, > > On Tue, Apr 11, 2017 at 02:18:14PM +0000, Debian Bug Tracking System wrote: >> Processing control commands: >> >>> merge 860068 860069 860070 860071 >> Bug #860068 [src:tomcat8] tomcat8: CVE-2017-5647 >> Bug #860069 [src:tomcat8] tomcat8: CVE-2017-5648 >> Marked as found in versions tomcat8/8.5.11-1. >> Bug #860068 [src:tomcat8] tomcat8: CVE-2017-5647 >> Marked as found in versions tomcat8/8.5.11-1. >> Bug #860071 [src:tomcat8] tomcat8: CVE-2017-5651 >> Marked as found in versions tomcat8/8.0.14-1. >> Bug #860070 [src:tomcat8] tomcat8: CVE-2017-5650 >> Marked as found in versions tomcat8/8.0.14-1. >> Merged 860068 860069 860070 860071 > > Why the merge? I was a exlicit choice to open 4 bugs due to the > different CVE's and different affected versions (note that two affect > 8.0.14-1 and two only 8.5.11-1 but not the version in jessie).
Hi, please combine CVEs for (Java) packages because single bug reports just create more noise on the list and in the end we make one upload to address all of them together. I suggest to use the found/fixed tags as needed. Regards, Markus
signature.asc
Description: OpenPGP digital signature
