[Secure-testing-team] Some notes on data commits
Stefan Fritsch
sf at sfritsch.de
Sat Jan 13 11:41:36 CET 2007
On Friday 12 January 2007 22:59, Moritz Muehlenhoff wrote:
> We use a quite open system for maintaining our data, but some notes
> to ensure a continuing high level of data quality:
some more hints:
> - Do not trust vulnerability web sites or the CVE description!
If there is a list of affected version on a site, and the version you
are interested in is not there, then this means 'no information
available' and not 'not affected'.
Some PHP modules (e.g. tinymce, adodb) are embedded by many PHP apps.
If a filename in a webapp is given, it is a good idea to search for
it with apt-file. I find the check-new-issues script [1] useful, too
(but YMMV).
Look at secure-testing/data/embedded-code-copies.
Use svn diff before commiting.
Cheers,
Stefan
[1]
http://lists.alioth.debian.org/pipermail/secure-testing-commits/2006-November/005139.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20070113/0184cec2/attachment-0001.pgp
More information about the Secure-testing-team
mailing list