Re: DSA 1184 corrections
Jens Seidel wrote:
> On Thu, Oct 05, 2006 at 09:06:41AM +0200, Martin Schulze wrote:
> > Jens Seidel wrote:
> > > I applied the following patch to CVS and hope I did it right. But I have
> > > one problem understanding the text:
> > >
> > > Index: dsa-1184.wml
> > > ===================================================================
> > > RCS file: /cvs/webwml/webwml/english/security/2006/dsa-1184.wml,v
> > > retrieving revision 1.5
> > > retrieving revision 1.6
> > > diff -u -r1.5 -r1.6
> > > --- dsa-1184.wml 29 Sep 2006 19:01:15 -0000 1.5
> > > +++ dsa-1184.wml 2 Oct 2006 17:35:13 -0000 1.6
> > > @@ -1,6 +1,6 @@
> > > <define-tag description>several vulnerabilities</define-tag>
> > > <define-tag moreinfo>
> > > -<p>This advisory covers the S/390 components of the recent security
> > > +<p>This advisory covers the S/390 component of the recent security
> > Umh... Now the advisory text is misleading on the web:
> > More information:
> > This advisory covers the S/390 component of the recent
> > security update for the Linux 2.6.8 kernel that was missing
> > due to technical problems. For reference, please see the
> > text of the original advisory.
> > This advisory DSA 1184 does not only cover the S/390 components but
> > updates for all architectures. The update DSA 1184-2, linked at the
> > bottom as revised advisory (strictly speaking, it's not a revised
> > advisory but an addition, so maybe we need a new string and tag)
> > covers only the S/390 components.
> > Btw. since there are four binary packages for S/390, it's plural, hence,
> > components.
> OK, but shouldn't it be "that WERE missing" if you use plural or does
> "was" refer to "the recent security update"?
You are correct.
> > > @@ -67,7 +67,7 @@
> > >
> > > <p>Diego Calleja Garcia discovered a buffer overflow in the DVD
> > > handling code that could be exploited by a specially crafted DVD
> > > - or USB storage device to execute arbitrary code.</p></li>
> > > + USB storage device to execute arbitrary code.</p></li>
> > It is DVD or USB storage as both can trigger the vulnerability.
> I googled for this vulnerability before I changed anything. As far as I
> understand the DVD driver/handling code is affected and this can only
> be exploited using a DVD hardware device, e.g. a USB DVD device or even
> an ATAPI drive.
Hmm, did I misunderstood it? I have no desire to dig out the details, so
I propose to leave the text as it is now (i.e. with your correction).
> OK, I added it to CC: and will be more carefully in the future. (There where
> no other changes to content from me, only typo fixes.)
Yes, saw it, and these changes are highly appreciated, at least by me.
Given enough thrust pigs will fly, but it's not necessarily a good idea.
Please always Cc to me when replying to me on the lists.