From 90529f3de4acebf47560989b673a13d003316846 Mon Sep 17 00:00:00 2001 From: Johnathan Ritzi Date: Mon, 25 Jul 2011 04:08:25 +0000 Subject: Clarify fixed issues in packages Mention that the CVE description isn't enough, and that the Debian package should be double-checked before assuming that an issue is fixed in a particular version. If someone wants to elaborate on how to double-check, I think that would be useful. git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@16979 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- doc/narrative_introduction | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'doc/narrative_introduction') diff --git a/doc/narrative_introduction b/doc/narrative_introduction index 3d15102b55..7b3409a12f 100644 --- a/doc/narrative_introduction +++ b/doc/narrative_introduction @@ -211,6 +211,11 @@ CVE-2005-2596 (User.php in Gallery, as used in Postnuke, allows users with any Admin ...) - gallery 1.5-2 (medium) +Even if the CVE description mentions it is fixed as of a particular +version, double-check the Debian package yourself (because sometimes +the CVE descriptions or information from databases like Secunia is +incorrect). + If it hasn't been fixed, we determine if there has been a bug filed about the issue, and if not, file one and then note it in the list (again with a severity level): -- cgit v1.2.3
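Review bot: the added paragraph after the `- gallery 1.5-2 (medium)` example tells the reader to "double-check the Debian package yourself" but never says what to check, a gap the commit message itself acknowledges. Consider adding one sentence that names the check, for example confirming that the fix is actually present in the source or changelog of the Debian version being recorded, and that states the version written into the list is the one that was verified rather than the one taken from the CVE description. The parenthetical reason would also read better as a plain sentence, since it is the motivation for the whole paragraph.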