
Re: DSA 1184 corrections



Jens Seidel wrote:
> On Thu, Oct 05, 2006 at 09:06:41AM +0200, Martin Schulze wrote:
> > Jens Seidel wrote:
> > > I applied the following patch to CVS and hope I did it right. But I have
> > > one problem understanding the text:
> > > 
> > > Index: dsa-1184.wml
> > > ===================================================================
> > > RCS file: /cvs/webwml/webwml/english/security/2006/dsa-1184.wml,v
> > > retrieving revision 1.5
> > > retrieving revision 1.6
> > > diff -u -r1.5 -r1.6
> > > --- dsa-1184.wml	29 Sep 2006 19:01:15 -0000	1.5
> > > +++ dsa-1184.wml	2 Oct 2006 17:35:13 -0000	1.6
> > > @@ -1,6 +1,6 @@
> > >  <define-tag description>several vulnerabilities</define-tag>
> > >  <define-tag moreinfo>
> > > -<p>This advisory covers the S/390 components of the recent security
> > > +<p>This advisory covers the S/390 component of the recent security
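Review bot: On the changed `<p>` line, "components" becomes "component", which alters what the advisory says it covers rather than fixing a typo, and nothing in the hunk justifies the singular. Keep the plural unless the number of affected S/390 packages has been checked. The rest of the sentence lies outside the lines shown here, so if the noun's number does change, confirm that the verb further on still agrees with its subject.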
> 
> > Umh...  Now the advisory text is misleading on the web:
> > 
> >    More information:
> > 
> >           This advisory covers the S/390 component of the recent
> >           security update for the Linux 2.6.8 kernel that was missing
> >           due to technical problems. For reference, please see the
> >           text of the original advisory.
> > 
> > This advisory DSA 1184 does not only cover the S/390 components but
> > updates for all architectures.  The update DSA 1184-2, linked at the
> > bottom as revised advisory (strictly speaking, it's not a revised
> > advisory but an addition, so maybe we need a new string and tag)
> > covers only the S/390 components.
> > 
> > Btw. since there are four binary packages for S/390, it's plural, hence,
> > components.
> 
> OK, but shouldn't it be "that WERE missing" if you use plural or does
> "was" refer to "the recent security update"?

Oops...

You are correct.

> > > @@ -67,7 +67,7 @@
> > >  
> > >      <p>Diego Calleja Garcia discovered a buffer overflow in the DVD
> > >      handling code that could be exploited by a specially crafted DVD
> > > -    or USB storage device to execute arbitrary code.</p></li>
> > > +    USB storage device to execute arbitrary code.</p></li>
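Review bot: Dropping "or" on the changed line leaves the sentence reading "a specially crafted DVD USB storage device", which narrows the trigger from two kinds of device to one and is hard to parse. This changes the technical content of a security advisory, so check it against the original vulnerability report before committing. If a single USB-attached DVD device is what is meant, word it explicitly instead of only deleting the conjunction.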
> > 
> > It is DVD or USB storage as both can trigger the vulnerability. 
> 
> ?
> 
> I googled for this vulnerability before I changed anything. As far as I
> understand the DVD driver/handling code is affected and this can only
> be exploited using a DVD hardware device, e.g. a USB DVD device or even
> an ATAPI drive.

Hmm, did I misunderstand it?  I have no desire to dig out the details, so
I propose to leave the text as it is now (i.e. with your correction).

> OK, I added it to CC: and will be more careful in the future. (There were
> no other changes to content from me, only typo fixes.)

Yes, saw it, and these changes are highly appreciated, at least by me.

Regards,

	Joey

-- 
Given enough thrust pigs will fly, but it's not necessarily a good idea.

Please always Cc to me when replying to me on the lists.


