On Mon, Jan 07, 2008 at 10:20:40PM +0100, Christoph Ulrich Scholler wrote:
> Hi,
>
> On 07.01. 13:54, Adam Majer wrote:
> > Moritz Muehlenhoff wrote:
> > > CVE-2007-3382
> > >
> > > It was discovered that single quotes (') in cookies were treated
> > > as a delimiter, which could lead to an information leak.
> > >
> > > CVE-2007-3385
> > >
> > > It was discovered that the character sequence \" in cookies was
> > > handled incorrectly, which could lead to an information leak.
> > >
> > > CVE-2007-5461
> > >
> > > It was discovered that the WebDAV servlet is vulnerable to absolute
> > > path traversal.
> > >
> >
> > First of all, this is not targeted at this specific advisory or any
> > person writing this advisory. :)
> >
> > Generally, the first little bits of each and every CVE description
> > above, as well as in other advisories sent out by Debian, is not needed.
> > Please, remove the "It was discovered that" part from any templates that
> > you may be using. That part is not needed. It is also implied and
> > doesn't add anything to the advisory.
>
> I respectfully disagree. A short summary of what a CVE is about is very
> useful for everyone not intimately familiar with all CVEs. Remember
> that Debian is not only used by seasoned professionals who know all
> pertinent security advisory distribution channels by heart. A little
> "redundancy" is a good thing when humans are involved.

I think that the OP wanted things to read:

| CVE-2007-3382
|
| Single quotes (') in cookies were treated as a delimiter, which
| could lead to an information leak.

Rather than remove the whole description.

-- 
Rob

I know you think you thought you knew what you thought I said,
but I'm not sure you understood what you thought I meant.