Re: Advisory description text
Adam Majer wrote:
> Moritz Muehlenhoff wrote:
>> It was discovered that single quotes (') in cookies were treated
>> as a delimiter, which could lead to an information leak.
>> It was discovered that the character sequence \" in cookies was
>> handled incorrectly, which could lead to an information leak.
>> It was discovered that the WebDAV servlet is vulnerable to absolute
>> path traversal.
> First of all, this is not targeted at this specific advisory or any
> person writing this advisory. :)
> Generally, the first little bits of each and every CVE description
> above, as well as in other advisories sent out by Debian, is not needed.
> Please, remove the "It was discovered that" part from any templates that
> you may be using. That part is not needed. It is also implied and
> doesn't add anything to the advisory.
This is for consistency. Normally, we credit the person, who discovered
the issues, like:
Adam Majer discovered a stylistic error in advisory texts, which
may lead to local admin boredom, resulting in denial of service.
Only if the researcher is unknown it's simply replaced by "It was