
Re: Advisory description text



Hi,

On 07.01. 13:54, Adam Majer wrote:
> Moritz Muehlenhoff wrote:
> > CVE-2007-3382
> > 
> >     It was discovered that single quotes (') in cookies were treated
> >     as a delimiter, which could lead to an information leak.
> > 
> > CVE-2007-3385
> > 
> >     It was discovered that the character sequence \" in cookies was
> >     handled incorrectly, which could lead to an information leak.
> > 
> > CVE-2007-5461
> > 
> >     It was discovered that the WebDAV servlet is vulnerable to absolute
> >     path traversal.
> > 
> 
> First of all, this is not targeted at this specific advisory or any
> person writing this advisory. :)
> 
> Generally, the first little bits of each and every CVE description
> above, as well as in other advisories sent out by Debian, are not needed.
> Please, remove the "It was discovered that" part from any templates that
> you may be using. That part is not needed. It is also implied and
> doesn't add anything to the advisory.

I respectfully disagree.  A short summary of what a CVE is about is very
useful for everyone not intimately familiar with all CVEs.  Remember
that Debian is not only used by seasoned professionals who know all
pertinent security advisory distribution channels by heart.  A little
"redundancy" is a good thing when humans are involved.

Regards

uLI

