Hosting Provided By

Advisory description text

From: Adam Majer <adamm(at)galacticasoftware.com>
Date: Mon Jan 07 2008 - 14:54:54 EST

Moritz Muehlenhoff wrote:
> CVE-2007-3382
>
> It was discovered that single quotes (') in cookies were treated
> as a delimiter, which could lead to an information leak.
>
> CVE-2007-3385
>
> It was discovered that the character sequence \" in cookies was
> handled incorrectly, which could lead to an information leak.
>
> CVE-2007-5461
>
> It was discovered that the WebDAV servlet is vulnerable to absolute
> path traversal.
>

First of all, this is not targeted at this specific advisory or any person writing this advisory. :)

Generally, the first little bits of each and every CVE description above, as well as in other advisories sent out by Debian, is not needed. Please, remove the "It was discovered that" part from any templates that you may be using. That part is not needed. It is also implied and doesn't add anything to the advisory.

Adam

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Mon Jan 7 15:35:53 2008

This message: [ Message body ]
Next message: Christoph Ulrich Scholler: "Re: Advisory description text"
Previous message: ´ú°ìË°Æ±: "ÄãºÃÑ½£¡"
Next in thread: Christoph Ulrich Scholler: "Re: Advisory description text"
Reply: Christoph Ulrich Scholler: "Re: Advisory description text"
Reply: Moritz Muehlenhoff: "Re: Advisory description text"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:55:04 EDT