From: aba <aba@313b444b-1b9f-4f58-a734-7bb04f332e8d>
Date: Sat, 11 Nov 2006 21:02:23 +0000 (+0000)
Subject: add CVE ids
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=eefabb52791298cc8bfc61bccda7ad926d25837d;p=developers-reference.git

add CVE ids


git-svn-id: svn://anonscm.debian.org/ddp/manuals/trunk/developers-reference@3950 313b444b-1b9f-4f58-a734-7bb04f332e8d
---

diff --git a/debian/changelog b/debian/changelog
index db1977d..35972ef 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -22,6 +22,7 @@ developers-reference (3.3.8) unstable; urgency=low
   * stop using capitals, minor fixes, language fixes.
     Thanks, Thijs Kinkhorst, Colin Tuckley, Russ Allbery.
     Closes: #368046, #378929, #361744
+  * add CVE Ids to your changelog. Closes: #376961
 
  -- Andreas Barth <aba@not.so.argh.org>  Sat, 11 Nov 2006 10:55:44 -0700
 
diff --git a/developers-reference.sgml b/developers-reference.sgml
index 470e45c..ad2b982 100644
--- a/developers-reference.sgml
+++ b/developers-reference.sgml
@@ -7,7 +7,7 @@
   <!ENTITY % dynamicdata  SYSTEM "dynamic.ent" > %dynamicdata;
 
   <!-- CVS revision of this document -->
-  <!ENTITY cvs-rev "$Revision: 1.303 $">
+  <!ENTITY cvs-rev "$Revision: 1.304 $">
 
   <!-- if you are translating this document, please notate the CVS
        revision of the original developer's reference in cvs-en-rev -->
@@ -1641,6 +1641,15 @@ Please include a <tt>Closes: bug#<var>nnnnn</var></tt> entry in the
 changelog of the new package in order for the bug report to be
 automatically closed once the new package is installed in the archive
 (see <ref id="upload-bugfix">).
+        <p>
+When closing security bugs include CVE numbers as well as the 
+"Closes: #nnnnn".
+This is useful for the security team to track vulnerabilities.
+If an upload is made to fix the bug before the advisory ID is known,
+it is encouraged to modify the historical changelog entry with the next upload;
+please include even in that case all pointers you have to your first
+changelog entry.
+
 	<p>
 There are a number of reasons why we ask maintainers to announce their
 intentions: