Jens Seidel wrote:
> On Thu, Oct 05, 2006 at 09:06:41AM +0200, Martin Schulze wrote:
> > Jens Seidel wrote:
> > > I applied the following patch to CVS and hope I did it right. But I have
> > > one problem understanding the text:
> > >
> > > Index: dsa-1184.wml
> > > ===================================================================
> > > RCS file: /cvs/webwml/webwml/english/security/2006/dsa-1184.wml,v
> > > retrieving revision 1.5
> > > retrieving revision 1.6
> > > diff -u -r1.5 -r1.6
> > > --- dsa-1184.wml 29 Sep 2006 19:01:15 -0000 1.5
> > > +++ dsa-1184.wml 2 Oct 2006 17:35:13 -0000 1.6
> > > @@ -1,6 +1,6 @@
> > > <define-tag description>several vulnerabilities</define-tag>
> > > <define-tag moreinfo>
> > > -<p>This advisory covers the S/390 components of the recent security
> > > +<p>This advisory covers the S/390 component of the recent security
>
> > Umh... Now the advisory text is misleading on the web:
> >
> > More information:
> >
> > This advisory covers the S/390 component of the recent
> > security update for the Linux 2.6.8 kernel that was missing
> > due to technical problems. For reference, please see the
> > text of the original advisory.
> >
> > This advisory DSA 1184 does not only cover the S/390 components but
> > updates for all architectures. The update DSA 1184-2, linked at the
> > bottom as revised advisory (strictly speaking, it's not a revised
> > advisory but an addition, so maybe we need a new string and tag)
> > covers only the S/390 components.
> >
> > Btw. since there are four binary packages for S/390, it's plural, hence,
> > components.
>
> OK, but shouldn't it be "that WERE missing" if you use plural or does
> "was" refer to "the recent security update"?
Oops...
You are correct.
> > > @@ -67,7 +67,7 @@
> > >
> > > <p>Diego Calleja Garcia discovered a buffer overflow in the DVD
> > > handling code that could be exploited by a specially crafted DVD
> > > - or USB storage device to execute arbitrary code.</p></li>
> > > + USB storage device to execute arbitrary code.</p></li>
> >
> > It is DVD or USB storage as both can trigger the vulnerability.
>
> ?
>
> I googled for this vulnerability before I changed anything. As far as I
> understand the DVD driver/handling code is affected and this can only
> be exploited using a DVD hardware device, e.g. a USB DVD device or even
> an ATAPI drive.
Hmm, did I misunderstood it? I have no desire to dig out the details, so
I propose to leave the text as it is now (i.e. with your correction).
> OK, I added it to CC: and will be more carefully in the future. (There where
> no other changes to content from me, only typo fixes.)
Yes, saw it, and these changes are highly appreciated, at least by me.
Regards,
Joey
--
Given enough thrust pigs will fly, but it's not necessarily a good idea.
Please always Cc to me when replying to me on the lists.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
