Hi, > The point is it doesn't makes sense to request a CVE id for > this without any details that allows us to track the issue. > And I fail to see the reason to omit this information here > as it doesn't seem to be that ubercritical.
I don't think we need to request a CVE name for this actively. I sincerely doubt that this tool is distributed outside of Debian, it's only installed in usr/share but not enabled by default as I understand it, scope is very limited and issue is not extremely critical. Let's just leave it at this unless there's some evidence that some other party needs/wants to fix this too. Afterall, we only need a CVE id to cross reference across vendors. cheers, Thijs -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]