Hello,

Just wondering if there is some other way we can track security issues
for when CVEs are not available.

Thinking of imagemagick here, it has a lot of security issues, and
requests for CVEs are not getting any responses.

For example, if there are no CVEs, are we able to use OVEs instead?

http://www.openwall.com/ove

As an example of the problems this causes, it is going to be challenging
working out for sure which changes made in the squeeze version fixed
TEMP-0773834-5EB6CF (for porting to wheezy version), particularly as
TEMP-0773834-5EB6CF refers to multiple security issues. As there is
nothing in the changelog referring to these temp ids, because of course
they are only temp ids.

https://security-tracker.debian.org/tracker/TEMP-0773834-5EB6CF

In this particular case, I suspect it might be just the last two
patches, as other issues have CVEs or appear to be fixed in wheezy
already. e.g. #692367 (which doesn't appear to have security tracking).

fix-overflow-in-icon-parsing.patch
fix-overflow-in-pict-parsing.patch

Regards
-- 
Brian May <br...@linuxpenguins.xyz>
https://linuxpenguins.xyz/brian/
