aboutsummaryrefslogtreecommitdiffstats
path: root/polish/security/cve-compatibility.wml
blob: 9d660dea1787bbcc9880f740a64bd82e1eed60ca (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

#pddp rafalm80
#use wml::debian::template title="Debian CVE compatibility" NOHEADER="true"
#include "$(ENGLISHDIR)/security/faq.inc"
#use wml::debian::translation-check translation="1.3"

<H1>Zgodność Debiana i CVE</H1>

<P>Deweloperzy Debiana zrozumieli potrzebę dostarczania aktualnych i
dokładnych informacji dotyczących bezpieczeństwa jego dystrybucji,
pozwalając użytkownikom podołać ryzyku zwiazanym ze słabymi punktami
bezpieczeństwa. <a href="http://cve.mitre.org">CVE</A> umożliwia
dostarczenie typotych informacji, które pozwalają użytkownikom na
rozwinąć proces zarządzania bezpieczeństwem z aktywnym CVE.</p>

<P>Projekt CVE (The Common Vulnerabilities and Exposures), prowadzony
przez korporacje MITRE, jest listą zestandaryzowanych nazw dla luk i
słabych punktów bezpieczeństwa.
Więcej informacji znajdziesz na <url "http://cve.mitre.org/">.</P>

<P>Debian believes that providing users with additional information 
related to security issues that affect the Debian distribution is
extremely important. The inclusion of CVE names in advisories help
users associate generic vulnerabilities with specific Debian updates,
which reduces the time spent handling vulnerabilities that affect our users.
Also, it eases the management of security in an environment where 
CVE-enabled security tools such as network or host intrusion detection systems, 
or vulnerability assessment tools are already deployed regardless of 
whether or not they are based on the Debian distribution.

<P>Debian has added CVE names to all the security advisories (DSA) 
released since september 1998 through a review process started on 
august 2002. All of the advisories can be retrieved on the Debian
web site, and announcements related to new vulnerabilities include
CVE names if available at the time of their release. Advisories 
associated with a given CVE name can be searched directly through
the <a href="http://search.debian.org">search engine</A>.

<P>Users who want to search for a particular CVE name can use the web
search engine available in debian.org to retrieve advisories available
(in English and translated to other languages) associated with CVE names. 
A search can be made for a specific name (like 
<a href="http://search.debian.org/?q=advisory+%22CAN-2002-0001%22&amp;ps=50&amp;o=1&amp;m=all">advisory CAN-2002-0001</A>)
or for partial names 
(like all the 2002 candidates included in advisories <a href="http://search.debian.org/?q=advisory+%22CAN-2002%22&amp;ps=50&amp;o=1&amp;m=all">advisory CAN-2002</A>). 
Notice that you need to enter the word <em>advisory</em> together with the
CVE name in order to retrieve <strong>only</strong> security advisories.

<P>Moreover, Debian provides a fully <a href="crossreferences">crossreference
table</A> including all the references available for all the advisories
published since 1998. This table is provided to complement the 
<a href="http://cve.mitre.org/cve/refs/refmap/source-DEBIAN.html">reference
map available at CVE</A>.

<H1>Common questions on CVE status</H1>

<maketoc>

<toc-add-entry name=status>What is the current status of Debian in the CVE process?</toc-add-entry>
<P>Debian is in the first phase of the two phases in the CVE process.</P>

<toc-add-entry name=find>Why don't I find a given CVE name?</toc-add-entry>

<P>You might not find a given CVE name in published advisories either 
because:
<UL>
<LI>Debian is not affected by that vulnerability.
<LI>There is not yet an advisory covering that vulnerability.
<LI>An advisory was published before a CVE name was assigned to a given
vulnerability. 
</UL>

<toc-add-entry name=candidates>What is the difference between a CVE entry and a candidate?</toc-add-entry>

<P>(from the CVE site) CVE candidates are those vulnerabilities or 
exposures under consideration for acceptance into CVE. 
Candidates are assigned special names to distinguish them 
from official CVE entries.</P>

<P>Candidates are assigned special numbers that distinguish them from CVE
entries. However, these numbers become CVE entries if the candidate is
accepted into CVE. For example, a candidate number might be
CAN-1999-0067, while its eventual CVE number would be CVE-1999-0067.
Also, the assignment of a candidate number is not a guarantee that it
will become an official CVE entry.</P>

<P>The database of published advisories is revised periodically to
determine those candidates that have been accepted as CVE entries. 

<P>For more information please read 
<a href="http://cve.mitre.org/about/candidates.html">CVE Candidates explained</A>.

<toc-add-entry name=moreinfo>Gdzie mogę uzyskać więcej informacji?</toc-add-entry>

<P>Więcej informacji znajdziesz na <a
href="http://cve.mitre.org/">stronie CVE</a>.

© 2014-2024 Faster IT GmbH | imprint | privacy policy