Reformating and add of details in dsa-880.wml
Hi,
By translating dsa-880.wml to french, I have done some improvements of
formating the (note about woody should be a <p> like sarge and sid) and
added the missing links to CVE references.
That gives this kind of result:
http://www.debian.org/security/2005/dsa-880.fr.html
Please find attached a fixed version of english dsa-880.wml and a patch
for lisibility.
--
Simon Paillard
<define-tag description>several vulnerabilities</define-tag>
<define-tag moreinfo>
<p>Several cross-site scripting vulnerabilities have been discovered in
phpmyadmin, a set of PHP-scripts to administrate MySQL over the WWW.
The Common Vulnerabilities and Exposures project identifies the
following problems:</p>
<ul>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2869";>CAN-2005-2869</a>
<p>Andreas Kerber and Michal Cihar discovered several cross-site
scripting vulnerabilities in the error page and in the cookie
login.</p></li>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3300";>CVE-2005-3300</a>
<p>Stefan Esser discovered missing safety checks in grab_globals.php
that could allow an attacker to induce phpmyadmin to include an
arbitrary local file.</p></li>
<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3301";>CVE-2005-3301</a>
<p>Tobias Klein discovered several cross-site scripting
vulnerabilities that could allow attackers to inject arbitrary
HTML or client-side scripting.</p></li>
</ul>
<p>The version in the old stable distribution (woody) has probably its
own flaws and is not easily fixable without a full audit and patch
session. The easier way is to upgrade it from woody to sarge.</p>
<p>For the stable distribution (sarge) these problems have been fixed in
version 2.6.2-3sarge1.</p>
<p>For the unstable distribution (sid) these problems have been fixed in
version 2.6.4-pl3-1.</p>
<p>We recommend that you upgrade your phpmyadmin package.</p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/security/2005/dsa-880.data"
# $Id: dsa-880.wml,v 1.1 2005/11/02 11:14:36 joey Exp $
Index: english/security/2005/dsa-880.wml
===================================================================
RCS file: /cvs/webwml/webwml/english/security/2005/dsa-880.wml,v
retrieving revision 1.2
diff -u -r1.2 dsa-880.wml
--- english/security/2005/dsa-880.wml 3 Nov 2005 08:12:54 -0000 1.2
+++ english/security/2005/dsa-880.wml 3 Nov 2005 15:57:02 -0000
@@ -11,25 +11,25 @@
<p>Andreas Kerber and Michal Cihar discovered several cross-site
scripting vulnerabilities in the error page and in the cookie
- login.</p>
+ login.</p></li>
-<p>CVE-2005-3300</p>
+<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3300";>CVE-2005-3300</a>
<p>Stefan Esser discovered missing safety checks in grab_globals.php
that could allow an attacker to induce phpmyadmin to include an
- arbitrary local file.</p>
+ arbitrary local file.</p></li>
-<p>CVE-2005-3301</p>
+<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3301";>CVE-2005-3301</a>
<p>Tobias Klein discovered several cross-site scripting
vulnerabilities that could allow attackers to inject arbitrary
- HTML or client-side scripting.</p>
+ HTML or client-side scripting.</p></li>
+
+</ul>
<p>The version in the old stable distribution (woody) has probably its
own flaws and is not easily fixable without a full audit and patch
-session. The easier way is to upgrade it from woody to sarge.</p></li>
-
-</ul>
+session. The easier way is to upgrade it from woody to sarge.</p>
<p>For the stable distribution (sarge) these problems have been fixed in
version 2.6.2-3sarge1.</p>
@@ -42,4 +42,4 @@
# do not modify the following line
#include "$(ENGLISHDIR)/security/2005/dsa-880.data"
-# $Id: dsa-880.wml,v 1.2 2005/11/03 08:12:54 joey Exp $
+# $Id: dsa-880.wml,v 1.1 2005/11/02 11:14:36 joey Exp $
Reply to: