Hi all I found another issue that looks very similar. It is https://security-tracker.debian.org/tracker/CVE-2018-6594
Should we treat it the same way, marking it as ignored? Best regards // Ola On 9 April 2018 at 07:26, Salvatore Bonaccorso <car...@debian.org> wrote: > Hi Brian, > > On Fri, Apr 06, 2018 at 07:06:30PM +1000, Brian May wrote: > > Ola Lundqvist <o...@inguza.com> writes: > > > > > This is what I think we should do. > > > > > > 1) Send a new DLA telling that the fix is only partial and not > complete and > > > in addtion that elgamal encryption is not supported by the library and > > > should not be used. > > > > > > 2) Mark the CVE as no-dsa/ignored in the security database. > > > > If so, do we update the DLA 1283-1 to remove the fixed status? I assume > > we just have to update the entry in security-tracker/data/DLA/list? > > Yes if that what you want to do, to remove the fixed status, just > remove the CVE entry from the DLA-1283-1 block in data/DLA/list. > > At same time remove as well the cross-reference to DLA-1283-1 in > data/CVE/list, which OTOH otherwise will be dropped on next automatic > run. > > Regards, > Salvatore > -- --- Inguza Technology AB --- MSc in Information Technology ---- / o...@inguza.com Folkebogatan 26 \ | o...@debian.org 654 68 KARLSTAD | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---------------------------------------------------------------
