Document CVE Request syntax

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@46157 e39458fd-73e7-0310-bf30-c45bca0a0e42
author: Salvatore Bonaccorso <carnil@debian.org> 2016-11-13 12:53:28 +0000
committer: Salvatore Bonaccorso <carnil@debian.org> 2016-11-13 12:53:28 +0000
commit: ba051bb3eabf008bed8c6b63e5dc407f20bef741 (patch)
tree: 4d2636a5995e764d37a9d2c2fe5fc86fadd2d43d /doc
parent: 0aebf06032cc90bc628c1ac8ee45ca87d4486cec (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/security-team.d.o/security_tracker b/doc/security-team.d.o/security_tracker
index d8987966a3..2ca20f5714 100644
--- a/doc/security-team.d.o/security_tracker
+++ b/doc/security-team.d.o/security_tracker
@@ -437,6 +437,14 @@ entry in the upstream bug tracker, or a bug in the Debian BTS.  If the
 issue is likely present in unstable, a bug should be filed to help the
 maintainer to track it.
 
+If a CVE is requested and found unter a particular URL, please add a NOTE
+as follows:
+
+            NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/11/13/1
+
+Once a CVE is assigned, the 'CVE Request: ' only or the whole line might be
+cleaned up.
+
 Lack of CVE entries should not block advisory publication which are
 otherwise ready, but we should strive to release fully
 cross-referenced advisories nevertheless.
author	Salvatore Bonaccorso <carnil@debian.org>	2016-11-13 12:53:28 +0000
committer	Salvatore Bonaccorso <carnil@debian.org>	2016-11-13 12:53:28 +0000
commit	ba051bb3eabf008bed8c6b63e5dc407f20bef741 (patch)
tree	4d2636a5995e764d37a9d2c2fe5fc86fadd2d43d /doc
parent	0aebf06032cc90bc628c1ac8ee45ca87d4486cec (diff)