Author: chris
Date: 2012-10-26 00:15:09 -0600 (Fri, 26 Oct 2012)
New Revision: 10790
Modified:
trunk/BOOK/postlfs/security/vulnerabilities.xml
Log:
Text fixups on vuln page
Modified: trunk/BOOK/postlfs/security/vulnerabilities.xml
===================================================================
--- trunk/BOOK/postlfs/security/vulnerabilities.xml 2012-10-26 06:00:32 UTC
(rev 10789)
+++ trunk/BOOK/postlfs/security/vulnerabilities.xml 2012-10-26 06:15:09 UTC
(rev 10790)
@@ -25,7 +25,7 @@
<para>All software has bugs. Sometimes, a bug can be exploited, for example
to allow users to gain enhanced privileges (perhaps gaining a root shell,
or
- simply accessing or deleting other users' files), or to allow a remote
+ simply accessing or deleting other user's files), or to allow a remote
site to crash an application (denial of service), or for theft of data.
These
bugs are labelled as vulnerabilities.</para>
@@ -37,14 +37,14 @@
<command>configure</command> options, or only apply to old versions of
packages which have long since been updated in BLFS.</para>
- <para>BLFS differs from distributions - there is no BLFS security team and
+ <para>BLFS differs from distributions - there is no BLFS security team, and
the editors only become aware of vulnerabilities after they are public
knowledge. Sometimes, a package with a vulnerability will not be updated in
- the book for a long time. Issues can be logged in the trac system, which
+ the book for a long time. Issues can be logged in the Trac system, which
might speed up resolution.</para>
<para>The normal way for BLFS to fix a vulnerability is, ideally, to update
- the book to a new fixed releasse of the package. Sometimes that happens
even
+ the book to a new fixed release of the package. Sometimes that happens
even
before the vulnerability is public knowledge, so there is no guarantee that
it will be shown as a vulnerability fix in the Changelog. Alternatively, a
<command>sed</command> command, or a patch taken from a distribution, may
be
@@ -54,14 +54,14 @@
for assessing the potential impact of any problems.</para>
<para>To keep track of what is being discovered, you may wish to follow the
- security announcements of one or more distributions. For example, debian
have
- <ulink url="http://www.debian.org/security";>debian security</ulink>.
- fedora links on security are at
- <ulink url="http://fedoraproject.org/wiki/Security";>the fedora
wiki</ulink>.
- details of gentoo linux security announcements are discussed at
- <ulink url="http://www.gentoo.org/security";>gentoo security</ulink>.
+ security announcements of one or more distributions. For example, Debian
has
+ <ulink url="http://www.debian.org/security";>Debian security</ulink>.
+ Fedora's links on security are at
+ <ulink url="http://fedoraproject.org/wiki/Security";>the Fedora
wiki</ulink>.
+ details of Gentoo linux security announcements are discussed at
+ <ulink url="http://www.gentoo.org/security";>Gentoo security</ulink>.
and the Slackware archives of security announcements are at
- <ulink url="http://slackware.com/security";>slackware security</ulink>.
+ <ulink url="http://slackware.com/security";>Slackware security</ulink>.
</para>
<para>The most general English source is perhaps
@@ -71,7 +71,7 @@
<ulink url="http://www.heise.de/security";>heise.de</ulink> (German) or
<ulink url="http://www.cert.hr";>cert.hr</ulink> (Croatian). These are not
linux-specific. There is also a daily update at lwn.net for subscribers
- (free access to the data after 2 weeks), but their vulnerabilities
database at
+ (free access to the data after 2 weeks, but their vulnerabilities database
at
<ulink
url="http://lwn.net/Vulnerabilities/";>lwn.net/Vulnerabilities</ulink>
is unrestricted).</para>
--
http://linuxfromscratch.org/mailman/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
