On 07/10/2013 05:02 AM, Daniel P. Berrange wrote: > On Wed, Jul 10, 2013 at 12:59:48PM +0200, Ján Tomko wrote: >> CVE-2013-2230 > > This should be in the subject line so it is more visible. Oh well, it was pushed without the subject line change. But I noticed that DV had added a signed tag to our previous CVE (2013-2218, just before 1.1.0), and that is also easily visible if you use 'tig', so I've just finished creating lots of other signed tags for CVE fixes over the last three years: CVE-2011-1146 CVE-2012-3411 CVE-2013-0170 CVE-2013-2230 CVE-2011-1486 CVE-2012-3445 CVE-2013-1962 CVE-2011-2178 CVE-2012-4423 CVE-2013-2218 Since signed tags can be added after the fact, they are a nice way to consistently mark bug fixes, regardless of whether the commit itself was aware of a CVE number (for example, some of those tags are on commits that were made public long before a CVE was assigned, because no one realized the exploit until after the patch was pushed). -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list