Comment 10 for bug 1338830
Revision history for this message
| Garth Mollett (gmollett) wrote Re: Potential incomplete fix for OSSA 2014-017 | #10 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
35a32c5
(Get the code!)
Obviously it's entirely up to VMT how advisories for incomplete fixes are handled.
But if it helps you at all in deciding what the process should be, MITRE and Red Hat (as a CNA for opensource), as a standard practice, do assign a new CVE to an issue when a fix is found to be incomplete after the original fix/advisory is released.
We (Red Hat product security) will also release a new erratum / security advisory if such a case occurs and we have already released one for the original issue.
That is our process though, by no means am I saying it should be yours as well. Just trying to be helpful :)