Author: jrdioko-guest
Date: 2011-07-25 04:08:25 +0000 (Mon, 25 Jul 2011)
New Revision: 16979
Modified:
doc/narrative_introduction
Log:
Clarify fixed issues in packages
Mention that the CVE description isn''t enough, and that
the Debian package should be double-checked before assuming
that an issue is fixed in a particular version. If someone
wants to elaborate on how to double-check, I think that would
be useful.
Modified: doc/narrative_introduction
==================================================================---
doc/narrative_introduction 2011-07-25 03:48:49 UTC (rev 16978)
+++ doc/narrative_introduction 2011-07-25 04:08:25 UTC (rev 16979)
@@ -211,6 +211,11 @@
with any Admin ...)
- gallery 1.5-2 (medium)
+Even if the CVE description mentions it is fixed as of a particular
+version, double-check the Debian package yourself (because sometimes
+the CVE descriptions or information from databases like Secunia is
+incorrect).
+
If it hasn''t been fixed, we determine if there has been a bug filed
about the issue, and if not, file one and then note it in the list
(again with a severity level):