Moritz Muehlenhoff
2006-Apr-09 20:22 UTC
[Secure-testing-team] d-d-c and CVE/list processing
Hi,

I need to submit my thesis by end of this month and I'll travel through Mexico two weeks ahead of DebConf, so I won't be able to process CVE/list updates and merge information from debian-devel-changes in CVE/list until DebConf. It would be great if someone steps in, especially for the latter, as that's where 90% of our information for fixes in sid is coming from.

I'll skip Debian mailing lists as well, so please CC: me if necessary.

Cheers,
Moritz
Hi Moritz,

On Sunday 09 April 2006 22:22, Moritz Muehlenhoff wrote:
> I need to submit my thesis by end of this month and I'll travel
> through Mexico two weeks ahead of DebConf, so I won't be able to
> process CVE/list updates and merge information from
> debian-devel-changes in CVE/list until DebConf. It would be great
> if someone steps in, especially for the latter, as that's where 90%
> of our information for fixes in sid is coming from.

What exactly do you do with d-d-changes? Just grep [1] through the mails for cve references? That I could do. Or do you check all changelog entries for security relevance? I don't think I have enough time for that.

Cheers,
Stefan

[1] e.g. (cve-|can-|security|buffer *over|vuln)
Moritz Muehlenhoff
2006-Apr-10 15:21 UTC
[Secure-testing-team] d-d-c and CVE/list processing
Stefan Fritsch wrote:
> On Sunday 09 April 2006 22:22, Moritz Muehlenhoff wrote:
> > I need to submit my thesis by end of this month and I'll travel
> > through Mexico two weeks ahead of DebConf, so I won't be able to
> > process CVE/list updates and merge information from
> > debian-devel-changes in CVE/list until DebConf. It would be great
> > if someone steps in, especially for the latter, as that's where 90%
> > of our information for fixes in sid is coming from.
>
> What exactly do you do with d-d-changes? Just grep [1] through the
> mails for cve references? That I could do. Or do you check all
> changelog entries for security relevance?

The latter, grepping doesn't find them all as the data isn't sufficiently well-formed. Maintainers are very creative in writing crappy changelog entries. It takes about 10-15 minutes per day in my experience.

Cheers,
Moritz
Hi,

On Monday 10 April 2006 17:21, Moritz Muehlenhoff wrote:
> > What exactly do you do with d-d-changes? Just grep [1] through
> > the mails for cve references? That I could do. Or do you check
> > all changelog entries for security relevance?
>
> The latter, grepping doesn't find them all as the data isn't
> sufficiently well-formed. Maintainers are very creative in writing
> crappy changelog entries. It takes about 10-15 minutes per day in
> my experience.

Ok, I can do that. I thought it would take longer.

Cheers,
Stefan