Author: jmm-guest Date: 2005-12-13 22:20:26 +0000 (Tue, 13 Dec 2005) New Revision: 3027 Modified: doc/narrative_introduction Log: document distribution tags Modified: doc/narrative_introduction ==================================================================--- doc/narrative_introduction 2005-12-13 21:14:20 UTC (rev 3026) +++ doc/narrative_introduction 2005-12-13 22:20:26 UTC (rev 3027) @@ -196,11 +196,28 @@ NOTE: Bug was introduced in a patch to squid-2.5.STABLE10, NOTE: this patch was never applied to the Debian package. +Distribution tags +----------------- +Our data is primarily targeted at sid, as we track the version that +a certain issue was fixed in sid. The Security Tracker web site (see +below) derives information about the applicability of a vulnerability +to stable and oldstable from the list of DSAs issued by the security +team and the fact that a source package is part of a release. +Distribution tags can be used to denote information about a vulnerability +for the version of a package in a specific release. An example: +CVE-2005-3974 (Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on ...) + - drupal 4.5.6-1 (low) + [sarge] - drupal <not-affected> (Only vulnerable if running PHP 5) + +Drupal has been fixed since 4.5.6, however Drupal from Sarge still isn''t +vulnerable as the vulnerability is only effective when run under PHP 5, +which isn''t part of Sarge. + TODO ---- -Need to document [sarge], [woody], and other tags +Need to document <not-affected>, <removed>, REJECTED, RESERVED Generated Reports @@ -257,7 +274,7 @@ TODO: -document severity levels +document {} cross refs document DSA/list document DTSAs document tsck
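Review bot: in the first hunk (@@ -196,11 +196,28 @@), the new "Distribution tags" section never says what is allowed inside the brackets. The prose talks about stable and oldstable, the example uses [sarge], and the TODO line this hunk removes also named [woody]. A sentence stating that the tag is the release codename, with the valid ones listed, would close that gap. The example also depends on <not-affected>, which the updated TODO still lists as undocumented, so a one-line explanation of it next to the example would help. Both occurrences of isn''t carry a doubled apostrophe and should read isn't.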
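Review bot: in the second hunk (@@ -257,7 +274,7 @@), "document severity levels" is dropped from the TODO list, but nothing in this diff documents severity levels, and the log message only says "document distribution tags". If severity levels were documented in an earlier revision, mention that in the log. Otherwise keep the item and add "document {} cross refs" as an additional line instead of a replacement. The example added in the first hunk uses a (low) severity, so readers will look for that explanation.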