author | Thijs Kinkhorst <thijs> | 2008-03-10 21:54:49 +0000 |
---|---|---|
committer | Thijs Kinkhorst <thijs> | 2008-03-10 21:54:49 +0000 |
commit | 7c2206640e6012a5a1fd47f4dc7d449a8a855df3 (patch) | |
tree | 25621d6fd47f5ad29fb12bc5d7462febde7d15af /english/security/cve-compatibility.wml | |
parent | 89a92d3274bf6dd04fc0bb09352c7daae9115998 (diff) |
First pass of a review of the documentation on security. The Security
Tracker is the canonical source for everything we know about security issues
and is hence a better and more up to date source of information than the
nonvulns lists and crossreferences. Deprecate or obsolete those lists
and refer people to the tracker instead.
CVS version numbers
english/security/Makefile: 1.58 -> 1.59
english/security/crossreferences.wml: 1.6 -> 1.7
english/security/cve-compatibility.wml: 1.18 -> 1.19
english/security/index.wml: 1.83 -> 1.84
english/security/nonvulns-etch.src: 1.33 -> 1.34(DEAD)
english/security/nonvulns-etch.wml: 1.1 -> 1.2(DEAD)
english/security/nonvulns-sarge.src: 1.93 -> 1.94(DEAD)
english/security/nonvulns-sarge.wml: 1.2 -> 1.3(DEAD)
english/security/nonvulns-woody.src: 1.114 -> 1.115(DEAD)
english/security/nonvulns-woody.wml: 1.1 -> 1.2(DEAD)
Diffstat (limited to 'english/security/cve-compatibility.wml')
-rw-r--r-- | english/security/cve-compatibility.wml | 56 |
1 files changed, 14 insertions, 42 deletions
diff --git a/english/security/cve-compatibility.wml b/english/security/cve-compatibility.wml index 43c32e92a58..dbb3ee36e4a 100644 --- a/english/security/cve-compatibility.wml +++ b/english/security/cve-compatibility.wml 
@@ -33,23 +33,18 @@ whether or not they are based on the Debian distribution.</p> released since September 1998 through a review process started on August 2002. All of the advisories can be retrieved on the Debian web site, and announcements related to new vulnerabilities include -CVE names if available at the time of their release. Advisories -associated with a given CVE name can be searched directly through -the <a href="http://search.debian.org/">search engine</A>.</P> - -<P>Users who want to search for a particular CVE name can use the web -search engine available in debian.org to retrieve advisories available -(in English and translated to other languages) associated with CVE names. -A search can be made for a specific name (like -<a href="http://search.debian.org/?q=advisory+%22CAN-2002-0001%22&ps=50&o=1&m=all">advisory CAN-2002-0001</A>) -or for partial names -(like all the 2002 candidates included in advisories <a href="http://search.debian.org/?q=advisory+%22CAN-2002%22&ps=50&o=1&m=all">advisory CAN-2002</A>). -Notice that you need to enter the word <em>advisory</em> together with the -CVE name in order to retrieve <strong>only</strong> security advisories.</P> - -<P>Moreover, Debian provides a complete <a href="crossreferences">cross-reference -table</A> including all the references available for all the advisories -published since 1997. This table is provided to complement the +CVE names if available at the time of their release.</p> + +<p>The <a href="http://security-tracker.debian.org/">Debian Security Tracker</a> +has the canonical list of CVE names, corresponding Debian packages, Debian +Security Advisories and bug numbers. 
It can be searched on package name +or DSA/CVE name and contains data since the release of Debian Woody.</p> + +<p>For older data, you can use the website +<a href="http://search.debian.org/">search engine</A> or refer to the +<a href="crossreferences">cross-reference table</A> including all the references +available for all the advisories published since 1997. This table is provided +to complement the <a href="http://cve.mitre.org/cve/refs/refmap/source-DEBIAN.html">reference map available at CVE</A>.</P> @@ -68,7 +63,8 @@ questionnaire</A>.</P> <toc-add-entry name=find>Why don't I find a given CVE name?</toc-add-entry> -<P>You might not find a given CVE name in published advisories either +<P>The security tracker should have all CVE names. For the other lists, +you might not find a given CVE name in published advisories either because: <UL> <LI>No Debian products are affected by that vulnerability. 
@@ -77,30 +73,6 @@ because: vulnerability. </UL> -<toc-add-entry name=candidates>What is the difference between a CVE entry and a candidate?</toc-add-entry> - -<P>(from the CVE site)</P> - -<blockquote> -<p><em>CVE candidates are those vulnerabilities or -exposures under consideration for acceptance into CVE. -Candidates are assigned special names to distinguish them -from official CVE entries.</em></p> - -<p><em>Candidates are assigned special numbers that distinguish them from CVE -entries. However, these numbers become CVE entries if the candidate is -accepted into CVE. For example, a candidate number might be -CAN-1999-0067, while its eventual CVE number would be CVE-1999-0067. -Also, the assignment of a candidate number is not a guarantee that it -will become an official CVE entry.</em></p> - -<p><em>The database of published advisories is revised periodically to -determine those candidates that have been accepted as CVE entries.</em></p> -</blockquote> - -<P>For more information please read -<a href="http://cve.mitre.org/about/candidates.html">CVE Candidates explained</A>. - <toc-add-entry name=moreinfo>Where can I obtain more information?</toc-add-entry> <P>For more information visit the <a href="http://cve.mitre.org/">CVE |
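Review bot: In the first hunk (@@ -33,23 +33,18), the new "For older data" paragraph still sends readers to the search.debian.org search engine but drops the removed hint that the word "advisory" has to be entered together with the CVE name to retrieve only security advisories. Keep a one-sentence version of that hint beside the search link, or drop the link. The added markup also mixes case: the paragraph opens with `<p>` but ends on the unchanged `</P>`, and the new anchors close with `</A>`; use one case throughout the added lines. The tracker is linked as plain `http://security-tracker.debian.org/`; if that host is served over HTTPS, link that instead, since the text calls it the canonical list.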
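Review bot: In the second hunk (@@ -68,7 +63,8), "For the other lists, you might not find a given CVE name in published advisories" mixes two referents: "the other lists" is not defined anywhere in the visible text, and the sentence then switches to published advisories. Name them explicitly (the advisories and the cross-reference table). "The security tracker" should use the same "Debian Security Tracker" name and link as the paragraph added in the first hunk, and "should have all CVE names" leaves open what a name missing from the tracker means; say so in a sentence.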
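Review bot: The third hunk (@@ -77,30 +73,6) deletes the whole `<toc-add-entry name=candidates>` section, which the commit message does not cover; the message only talks about deprecating the nonvulns lists and cross-references in favour of the tracker. Mention the removal in the message or split it into its own commit. Dropping the `candidates` entry also removes that name from the page's table of contents, so check other pages and the translations for links to it before this lands.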