Hi Joey, On Thu, Oct 05, 2006 at 09:06:41AM +0200, Martin Schulze wrote: > Jens Seidel wrote: > > I applied the following patch to CVS and hope I did it right. But I have > > one problem understanding the text: > > > > Index: dsa-1184.wml > > =================================================================== > > RCS file: /cvs/webwml/webwml/english/security/2006/dsa-1184.wml,v > > retrieving revision 1.5 > > retrieving revision 1.6 > > diff -u -r1.5 -r1.6 > > --- dsa-1184.wml 29 Sep 2006 19:01:15 -0000 1.5 > > +++ dsa-1184.wml 2 Oct 2006 17:35:13 -0000 1.6 > > @@ -1,6 +1,6 @@ > > <define-tag description>several vulnerabilities</define-tag> > > <define-tag moreinfo> > > -<p>This advisory covers the S/390 components of the recent security > > +<p>This advisory covers the S/390 component of the recent security
> Umh... Now the advisory text is misleading on the web: > > More information: > > This advisory covers the S/390 component of the recent > security update for the Linux 2.6.8 kernel that was missing > due to technical problems. For reference, please see the > text of the original advisory. > > This advisory DSA 1184 does not only cover the S/390 components but > updates for all architectures. The update DSA 1184-2, linked at the > bottom as revised advisory (strictly speaking, it's not a revised > advisory but an addition, so maybe we need a new string and tag) > covers only the S/390 components. > > Btw. since there are four binary packages for S/390, it's plural, hence, > components. OK, but shouldn't it be "that WERE missing" if you use plural or does "was" refer to "the recent security update"? Since I was not absolutely sure I sent this to debian-www. > > @@ -67,7 +67,7 @@ > > > > <p>Diego Calleja Garcia discovered a buffer overflow in the DVD > > handling code that could be exploited by a specially crafted DVD > > - or USB storage device to execute arbitrary code.</p></li> > > + USB storage device to execute arbitrary code.</p></li> > > It is DVD or USB storage as both can trigger the vulnerability. ? I googled for this vulnerability before I changed anything. As far as I understand the DVD driver/handling code is affected and this can only be exploited using a DVD hardware device, e.g. a USB DVD device or even an ATAPI drive. Since ATAPI was not mentioned (it's probably easier to exploit this by using an external device) I fixed the DSA. Do you really think an external USB hard disk device could be used? (BTW, what about DVD Firewire devices?) > Please don't change the meaning of security updates without consultation > of the security team. Typos and broken wordings and the like that OK, I added it to CC: and will be more carefully in the future. (There where no other changes to content from me, only typo fixes.) > doesn't change the meaning, please correct on your own, it's already > too bad that there are such bugs from time to time. PS: Since I translated the last DSAs into German I noticed a few inconsistencies probably related to the fact, that various people write now DSAs. Both "The Common Vulnerabilities and Exposures" »identifies the following problems:« and »identifies the following vulnerabilities:« is currently used. Joey preferred always "vulnerabilities" so that I used this blindly in my translations until I got corrected by Helge (http://lists.debian.org/debian-l10n-german/2006/10/msg00004.html). It's not very important but I would like it to be consistent :-) Jens -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
