[opensuse-security] "Recommended" status of Leap update openSUSE-2020-1390
Hello, openSUSE-2020-1390 patch for "libmediainfo" and "mediainfo" fixes some CVE issue but is classified as "recommended" and not as "security". https://bugzilla.suse.com/show_bug.cgi?id=1173630 https://lists.opensuse.org/opensuse-updates/2020-09/msg00077.html Does this mean that "security" status is restricted to updates that modify critical software from some closed list (a list of packages that is tracked by the security team)? Best wishes, Alexander Shchadilov -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
On Sat, Sep 12, 2020 at 10:06:23PM +0300, Alexander Shchadilov wrote:
Hello, openSUSE-2020-1390 patch for "libmediainfo" and "mediainfo" fixes some CVE issue but is classified as "recommended" and not as "security". https://bugzilla.suse.com/show_bug.cgi?id=1173630 https://lists.opensuse.org/opensuse-updates/2020-09/msg00077.html
Does this mean that "security" status is restricted to updates that modify critical software from some closed list (a list of packages that is tracked by the security team)?
We depend a bit on the packagers also mentioning the CVE in their changes entries (and not just this line: - Add libmediainfo-MpegPs.patch (fixes boo#1173630) ) As it was not correctly submitted (without CVE in changes entry) I missed this while processing it. So if you have a CVE, please always also add it to the .changes entry, our automation then automatically marks it as security. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
participants (2)
-
Alexander Shchadilov -
Marcus Meissner