
Re: DSA 1184 corrections



Jens Seidel wrote:
> Hi,
> 
> I applied the following patch to CVS and hope I did it right. But I have
> one problem understanding the text:
> 
> Index: dsa-1184.wml
> ===================================================================
> RCS file: /cvs/webwml/webwml/english/security/2006/dsa-1184.wml,v
> retrieving revision 1.5
> retrieving revision 1.6
> diff -u -r1.5 -r1.6
> --- dsa-1184.wml	29 Sep 2006 19:01:15 -0000	1.5
> +++ dsa-1184.wml	2 Oct 2006 17:35:13 -0000	1.6
> @@ -1,6 +1,6 @@
>  <define-tag description>several vulnerabilities</define-tag>
>  <define-tag moreinfo>
> -<p>This advisory covers the S/390 components of the recent security
> +<p>This advisory covers the S/390 component of the recent security
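
Review bot: the "+" line switches "components" to "component" in the sentence that states what the advisory covers, so the number change alters the stated scope and is more than a typo fix. Keep the plural unless the text is known to refer to a single S/390 package, and have the scope wording confirmed before committing.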

Umh...  Now the advisory text is misleading on the web:

   More information:

          This advisory covers the S/390 component of the recent
          security update for the Linux 2.6.8 kernel that was missing
          due to technical problems. For reference, please see the
          text of the original advisory.

This advisory DSA 1184 does not only cover the S/390 components but
updates for all architectures.  The update DSA 1184-2, linked at the
bottom as revised advisory (strictly speaking, it's not a revised
advisory but an addition, so maybe we need a new string and tag)
covers only the S/390 components.

Btw. since there are four binary packages for S/390, it's plural, hence,
components.

When you want to copy the explanatory text for the S/390 parts, then
please add them to the proper advisory link, or link to the advisory
in the text, but don't make the world believe that the entire advisory
only covers S/390 when there are links to all architectures that are
supported with this particular kernel series.

Any takers for correction?

> @@ -67,7 +67,7 @@
>  
>      <p>Diego Calleja Garcia discovered a buffer overflow in the DVD
>      handling code that could be exploited by a specially crafted DVD
> -    or USB storage device to execute arbitrary code.</p></li>
> +    USB storage device to execute arbitrary code.</p></li>
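
Review bot: the "+" line drops "or" from "DVD or USB storage device", leaving "a specially crafted DVD USB storage device", which no longer names two separate media and does not parse. Restore the wording of the removed line, "or USB storage device to execute arbitrary code."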

It is DVD or USB storage as both can trigger the vulnerability. 

Please don't change the meaning of security updates without consultation
of the security team.  Typos and broken wordings and the like that
don't change the meaning, please correct on your own, it's already
too bad that there are such bugs from time to time.

>  <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4093";>CVE-2006-4093</a>
>  
> -    <p>Olof Johansson discovered that the kernel did not disable the HID0
> +    <p>Olof Johansson discovered that the kernel does not disable the HID0
>      bit on PowerPC 970 processors which could be exploited by a local
>      attacker to cause a denial of service.</p></li>
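
Review bot: the "+" line changes "did not disable" to "does not disable" for this entry alone in the lines shown; if present tense is the intended style for describing kernel behaviour, apply it to the other CVE entries in the file in the same commit so the list stays consistent. The context line with the CVE link also shows a ";" between the closing quote of the href value and ">"; if that character is in the .wml file and was not added by the list archive, remove it.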

Yep, something like this... please just correct them right away.

Regards,

	Joey

-- 
Given enough thrust pigs will fly, but it's not necessarily a good idea.

Please always Cc to me when replying to me on the lists.


