aboutsummaryrefslogtreecommitdiffstats
path: root/polish/security/cve-compatibility.wml
diff options
context:
space:
mode:
Diffstat (limited to 'polish/security/cve-compatibility.wml')
-rw-r--r--polish/security/cve-compatibility.wml95
1 files changed, 95 insertions, 0 deletions
diff --git a/polish/security/cve-compatibility.wml b/polish/security/cve-compatibility.wml
new file mode 100644
index 00000000000..9d660dea178
--- /dev/null
+++ b/polish/security/cve-compatibility.wml
@@ -0,0 +1,95 @@
+#pddp rafalm80
+#use wml::debian::template title="Debian CVE compatibility" NOHEADER="true"
+#include "$(ENGLISHDIR)/security/faq.inc"
+#use wml::debian::translation-check translation="1.3"
+
+<H1>Zgodność Debiana i CVE</H1>
+
+<P>Deweloperzy Debiana zrozumieli potrzebę dostarczania aktualnych i
+dokładnych informacji dotyczących bezpieczeństwa jego dystrybucji,
+pozwalając użytkownikom podołać ryzyku zwiazanym ze słabymi punktami
+bezpieczeństwa. <a href="http://cve.mitre.org">CVE</A> umożliwia
+dostarczenie typotych informacji, które pozwalają użytkownikom na
+rozwinąć proces zarządzania bezpieczeństwem z aktywnym CVE.</p>
+
+<P>Projekt CVE (The Common Vulnerabilities and Exposures), prowadzony
+przez korporacje MITRE, jest listą zestandaryzowanych nazw dla luk i
+słabych punktów bezpieczeństwa.
+Więcej informacji znajdziesz na <url "http://cve.mitre.org/">.</P>
+
+<P>Debian believes that providing users with additional information
+related to security issues that affect the Debian distribution is
+extremely important. The inclusion of CVE names in advisories help
+users associate generic vulnerabilities with specific Debian updates,
+which reduces the time spent handling vulnerabilities that affect our users.
+Also, it eases the management of security in an environment where
+CVE-enabled security tools such as network or host intrusion detection systems,
+or vulnerability assessment tools are already deployed regardless of
+whether or not they are based on the Debian distribution.
+
+<P>Debian has added CVE names to all the security advisories (DSA)
+released since september 1998 through a review process started on
+august 2002. All of the advisories can be retrieved on the Debian
+web site, and announcements related to new vulnerabilities include
+CVE names if available at the time of their release. Advisories
+associated with a given CVE name can be searched directly through
+the <a href="http://search.debian.org">search engine</A>.
+
+<P>Users who want to search for a particular CVE name can use the web
+search engine available in debian.org to retrieve advisories available
+(in English and translated to other languages) associated with CVE names.
+A search can be made for a specific name (like
+<a href="http://search.debian.org/?q=advisory+%22CAN-2002-0001%22&amp;ps=50&amp;o=1&amp;m=all">advisory CAN-2002-0001</A>)
+or for partial names
+(like all the 2002 candidates included in advisories <a href="http://search.debian.org/?q=advisory+%22CAN-2002%22&amp;ps=50&amp;o=1&amp;m=all">advisory CAN-2002</A>).
+Notice that you need to enter the word <em>advisory</em> together with the
+CVE name in order to retrieve <strong>only</strong> security advisories.
+
+<P>Moreover, Debian provides a fully <a href="crossreferences">crossreference
+table</A> including all the references available for all the advisories
+published since 1998. This table is provided to complement the
+<a href="http://cve.mitre.org/cve/refs/refmap/source-DEBIAN.html">reference
+map available at CVE</A>.
+
+<H1>Common questions on CVE status</H1>
+
+<maketoc>
+
+<toc-add-entry name=status>What is the current status of Debian in the CVE process?</toc-add-entry>
+<P>Debian is in the first phase of the two phases in the CVE process.</P>
+
+<toc-add-entry name=find>Why don't I find a given CVE name?</toc-add-entry>
+
+<P>You might not find a given CVE name in published advisories either
+because:
+<UL>
+<LI>Debian is not affected by that vulnerability.
+<LI>There is not yet an advisory covering that vulnerability.
+<LI>An advisory was published before a CVE name was assigned to a given
+vulnerability.
+</UL>
+
+<toc-add-entry name=candidates>What is the difference between a CVE entry and a candidate?</toc-add-entry>
+
+<P>(from the CVE site) CVE candidates are those vulnerabilities or
+exposures under consideration for acceptance into CVE.
+Candidates are assigned special names to distinguish them
+from official CVE entries.</P>
+
+<P>Candidates are assigned special numbers that distinguish them from CVE
+entries. However, these numbers become CVE entries if the candidate is
+accepted into CVE. For example, a candidate number might be
+CAN-1999-0067, while its eventual CVE number would be CVE-1999-0067.
+Also, the assignment of a candidate number is not a guarantee that it
+will become an official CVE entry.</P>
+
+<P>The database of published advisories is revised periodically to
+determine those candidates that have been accepted as CVE entries.
+
+<P>For more information please read
+<a href="http://cve.mitre.org/about/candidates.html">CVE Candidates explained</A>.
+
+<toc-add-entry name=moreinfo>Gdzie mogę uzyskać więcej informacji?</toc-add-entry>
+
+<P>Więcej informacji znajdziesz na <a
+href="http://cve.mitre.org/">stronie CVE</a>.

© 2014-2024 Faster IT GmbH | imprint | privacy policy