diff options
Diffstat (limited to 'polish/security/cve-compatibility.wml')
-rw-r--r-- | polish/security/cve-compatibility.wml | 95 |
1 files changed, 95 insertions, 0 deletions
diff --git a/polish/security/cve-compatibility.wml b/polish/security/cve-compatibility.wml new file mode 100644 index 00000000000..9d660dea178 --- /dev/null +++ b/polish/security/cve-compatibility.wml @@ -0,0 +1,95 @@ +#pddp rafalm80 +#use wml::debian::template title="Debian CVE compatibility" NOHEADER="true" +#include "$(ENGLISHDIR)/security/faq.inc" +#use wml::debian::translation-check translation="1.3" + +<H1>Zgodność Debiana i CVE</H1> + +<P>Deweloperzy Debiana zrozumieli potrzebę dostarczania aktualnych i +dokładnych informacji dotyczących bezpieczeństwa jego dystrybucji, +pozwalając użytkownikom podołać ryzyku zwiazanym ze słabymi punktami +bezpieczeństwa. <a href="http://cve.mitre.org">CVE</A> umożliwia +dostarczenie typotych informacji, które pozwalają użytkownikom na +rozwinąć proces zarządzania bezpieczeństwem z aktywnym CVE.</p> + +<P>Projekt CVE (The Common Vulnerabilities and Exposures), prowadzony +przez korporacje MITRE, jest listą zestandaryzowanych nazw dla luk i +słabych punktów bezpieczeństwa. +Więcej informacji znajdziesz na <url "http://cve.mitre.org/">.</P> + +<P>Debian believes that providing users with additional information +related to security issues that affect the Debian distribution is +extremely important. The inclusion of CVE names in advisories help +users associate generic vulnerabilities with specific Debian updates, +which reduces the time spent handling vulnerabilities that affect our users. +Also, it eases the management of security in an environment where +CVE-enabled security tools such as network or host intrusion detection systems, +or vulnerability assessment tools are already deployed regardless of +whether or not they are based on the Debian distribution. + +<P>Debian has added CVE names to all the security advisories (DSA) +released since september 1998 through a review process started on +august 2002. All of the advisories can be retrieved on the Debian +web site, and announcements related to new vulnerabilities include +CVE names if available at the time of their release. Advisories +associated with a given CVE name can be searched directly through +the <a href="http://search.debian.org">search engine</A>. + +<P>Users who want to search for a particular CVE name can use the web +search engine available in debian.org to retrieve advisories available +(in English and translated to other languages) associated with CVE names. +A search can be made for a specific name (like +<a href="http://search.debian.org/?q=advisory+%22CAN-2002-0001%22&ps=50&o=1&m=all">advisory CAN-2002-0001</A>) +or for partial names +(like all the 2002 candidates included in advisories <a href="http://search.debian.org/?q=advisory+%22CAN-2002%22&ps=50&o=1&m=all">advisory CAN-2002</A>). +Notice that you need to enter the word <em>advisory</em> together with the +CVE name in order to retrieve <strong>only</strong> security advisories. + +<P>Moreover, Debian provides a fully <a href="crossreferences">crossreference +table</A> including all the references available for all the advisories +published since 1998. This table is provided to complement the +<a href="http://cve.mitre.org/cve/refs/refmap/source-DEBIAN.html">reference +map available at CVE</A>. + +<H1>Common questions on CVE status</H1> + +<maketoc> + +<toc-add-entry name=status>What is the current status of Debian in the CVE process?</toc-add-entry> +<P>Debian is in the first phase of the two phases in the CVE process.</P> + +<toc-add-entry name=find>Why don't I find a given CVE name?</toc-add-entry> + +<P>You might not find a given CVE name in published advisories either +because: +<UL> +<LI>Debian is not affected by that vulnerability. +<LI>There is not yet an advisory covering that vulnerability. +<LI>An advisory was published before a CVE name was assigned to a given +vulnerability. +</UL> + +<toc-add-entry name=candidates>What is the difference between a CVE entry and a candidate?</toc-add-entry> + +<P>(from the CVE site) CVE candidates are those vulnerabilities or +exposures under consideration for acceptance into CVE. +Candidates are assigned special names to distinguish them +from official CVE entries.</P> + +<P>Candidates are assigned special numbers that distinguish them from CVE +entries. However, these numbers become CVE entries if the candidate is +accepted into CVE. For example, a candidate number might be +CAN-1999-0067, while its eventual CVE number would be CVE-1999-0067. +Also, the assignment of a candidate number is not a guarantee that it +will become an official CVE entry.</P> + +<P>The database of published advisories is revised periodically to +determine those candidates that have been accepted as CVE entries. + +<P>For more information please read +<a href="http://cve.mitre.org/about/candidates.html">CVE Candidates explained</A>. + +<toc-add-entry name=moreinfo>Gdzie mogę uzyskać więcej informacji?</toc-add-entry> + +<P>Więcej informacji znajdziesz na <a +href="http://cve.mitre.org/">stronie CVE</a>. |