* stop using capitals, minor fixes, language fixes.
Thanks, Thijs Kinkhorst, Colin Tuckley, Russ Allbery.
Closes: #368046, #378929, #361744
+ * add CVE Ids to your changelog. Closes: #376961
-- Andreas Barth <aba@not.so.argh.org> Sat, 11 Nov 2006 10:55:44 -0700
<!ENTITY % dynamicdata SYSTEM "dynamic.ent" > %dynamicdata;
<!-- CVS revision of this document -->
- <!ENTITY cvs-rev "$Revision: 1.303 $">
+ <!ENTITY cvs-rev "$Revision: 1.304 $">
<!-- if you are translating this document, please notate the CVS
revision of the original developer's reference in cvs-en-rev -->
changelog of the new package in order for the bug report to be
automatically closed once the new package is installed in the archive
(see <ref id="upload-bugfix">).
+ <p>
+When closing security bugs include CVE numbers as well as the
+"Closes: #nnnnn".
+This is useful for the security team to track vulnerabilities.
+If an upload is made to fix the bug before the advisory ID is known,
+it is encouraged to modify the historical changelog entry with the next upload;
+please include even in that case all pointers you have to your first
+changelog entry.
+
<p>
There are a number of reasons why we ask maintainers to announce their
intentions: