diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2005-12-13 22:20:26 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2005-12-13 22:20:26 +0000 |
commit | c6cbb4283138bcdb505616f8a1c5c0de2981e69e (patch) | |
tree | 30ace49667ffd9719f651d662b1157d8f6ccfa67 /doc/narrative_introduction | |
parent | fcbf347da5d23eacc695de274949e5b55107bda1 (diff) |
document distribution tags
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3027 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'doc/narrative_introduction')
-rw-r--r-- | doc/narrative_introduction | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/doc/narrative_introduction b/doc/narrative_introduction index a0bf1d66ae..ec2c5653e0 100644 --- a/doc/narrative_introduction +++ b/doc/narrative_introduction @@ -196,11 +196,28 @@ STABLE11 and ...) NOTE: Bug was introduced in a patch to squid-2.5.STABLE10, NOTE: this patch was never applied to the Debian package. +Distribution tags +----------------- +Our data is primarily targeted at sid, as we track the version that +a certain issue was fixed in sid. The Security Tracker web site (see +below) derives information about the applicability of a vulnerability +to stable and oldstable from the list of DSAs issued by the security +team and the fact that a source package is part of a release. +Distribution tags can be used to denote information about a vulnerability +for the version of a package in a specific release. An example: + +CVE-2005-3974 (Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on ...) + - drupal 4.5.6-1 (low) + [sarge] - drupal <not-affected> (Only vulnerable if running PHP 5) + +Drupal has been fixed since 4.5.6, however Drupal from Sarge still isn't +vulnerable as the vulnerability is only effective when run under PHP 5, +which isn't part of Sarge. TODO ---- -Need to document [sarge], [woody], and other tags +Need to document <not-affected>, <removed>, REJECTED, RESERVED Generated Reports @@ -257,7 +274,7 @@ helps!) TODO: -document severity levels +document {} cross refs document DSA/list document DTSAs document tsck |