author Johnathan Ritzi <jrdioko@gmail.com> 2011-07-25 04:08:25 +0000
committer Johnathan Ritzi <jrdioko@gmail.com> 2011-07-25 04:08:25 +0000
commit 90529f3de4acebf47560989b673a13d003316846 (patch)
tree 56b8b3f053f0a56ad5e496a471421e3607d8d212 /doc/narrative_introduction
parent a787120cd4be96964430716b5b2d0a708f0faba0 (diff)
Clarify fixed issues in packages
Mention that the CVE description isn't enough, and that the Debian package should be double-checked before assuming that an issue is fixed in a particular version. If someone wants to elaborate on how to double-check, I think that would be useful.

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@16979 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'doc/narrative_introduction')
-rw-r--r-- doc/narrative_introduction 5
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/narrative_introduction b/doc/narrative_introduction
index 3d15102b55..7b3409a12f 100644
--- a/doc/narrative_introduction
+++ b/doc/narrative_introduction
@@ -211,6 +211,11 @@ CVE-2005-2596 (User.php in Gallery, as used in Postnuke, allows users
with any Admin ...)
- gallery 1.5-2 (medium)
+Even if the CVE description mentions it is fixed as of a particular
+version, double-check the Debian package yourself (because sometimes
+the CVE descriptions or information from databases like Secunia is
+incorrect).
+
If it hasn't been fixed, we determine if there has been a bug filed
about the issue, and if not, file one and then note it in the list
(again with a severity level):
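
Review bot: The added paragraph says to "double-check the Debian package yourself" but does not say what to check it against, a gap the commit message itself points out. Consider adding one sentence that names the comparison, for example the package's changelog entry or its patched source against the upstream fix, so that a new contributor can act on the instruction before recording a fixed version in the list. The reason would also read better as a plain clause than as a parenthetical, and with a plural verb: "because CVE descriptions and information from databases like Secunia are sometimes incorrect".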
