On Friday 12 January 2007 22:59, Moritz Muehlenhoff wrote: > We use a quite open system for maintaining our data, but some notes > to ensure a continuing high level of data quality:
some more hints: > - Do not trust vulnerability web sites or the CVE description! If there is a list of affected version on a site, and the version you are interested in is not there, then this means 'no information available' and not 'not affected'. Some PHP modules (e.g. tinymce, adodb) are embedded by many PHP apps. If a filename in a webapp is given, it is a good idea to search for it with apt-file. I find the check-new-issues script [1] useful, too (but YMMV). Look at secure-testing/data/embedded-code-copies. Use svn diff before commiting. Cheers, Stefan [1] http://lists.alioth.debian.org/pipermail/secure-testing-commits/2006-November/005139.html
pgpGrkws17wqj.pgp
Description: PGP signature
_______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
