Advisory description text

To: debian-security@lists.debian.org
Subject: Advisory description text
From: Adam Majer <adamm@galacticasoftware.com>
Date: Mon, 07 Jan 2008 13:54:54 -0600
Message-id: <[🔎] 4782838E.5080101@galacticasoftware.com>
In-reply-to: <20080107184120.GA3406@galadriel.inutil.org>
References: <20080107184120.GA3406@galadriel.inutil.org>

Moritz Muehlenhoff wrote:
> CVE-2007-3382
> 
>     It was discovered that single quotes (') in cookies were treated
>     as a delimiter, which could lead to an information leak.
> 
> CVE-2007-3385
> 
>     It was discovered that the character sequence \" in cookies was
>     handled incorrectly, which could lead to an information leak.
> 
> CVE-2007-5461
> 
>     It was discovered that the WebDAV servlet is vulnerable to absolute
>     path traversal.
> 

First of all, this is not targeted at this specific advisory or any
person writing this advisory. :)

Generally, the first little bits of each and every CVE description
above, as well as in other advisories sent out by Debian, is not needed.
Please, remove the "It was discovered that" part from any templates that
you may be using. That part is not needed. It is also implied and
doesn't add anything to the advisory.

- Adam

Reply to:

Follow-Ups:
- Re: Advisory description text
  - From: scholler@fnb.tu-darmstadt.de (Christoph Ulrich Scholler)
- Re: Advisory description text
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: 週間ダイアモンドDXで紹介
Next by Date: Re: Advisory description text
Previous by thread: 週間ダイアモンドDXで紹介
Next by thread: Re: Advisory description text
Index(es):
- Date
- Thread