Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9de13b75 by Arnaud Rebillout at 2026-02-02T10:32:25+07:00 doc: Minor changes (typos and markdown formatting) - - - - - 65c23fb7 by Arnaud Rebillout at 2026-02-02T10:32:43+07:00 doc: Add NVD to glossary - - - - - 593bcb57 by Salvatore Bonaccorso at 2026-02-02T22:20:32+01:00 Merge branch 'doc-typos-and-format' into 'master' Doc typos and format See merge request security-tracker-team/security-tracker!261 - - - - - 2 changed files: - doc/security-team.d.o/glossary - doc/security-team.d.o/security_tracker Changes: ===================================== doc/security-team.d.o/glossary ===================================== @@ -21,5 +21,8 @@ <a id="nfu">NFU</a> : Not For Us. This designation is placed on a CVE that does not directly affect Debian. [More info on NFU](https://security-team.debian.org/security_tracker.html#issues-not-for-us-nfu) +<a id="nvd">NVD</a> +: National Vulnerability Database, US government CVE repository. [Website](https://nvd.nist.gov/) + <a id="oss-sec">oss-security</a> : *Open Source Software Security*. Community for open source software security research, best known for its equally named mailing list. [Website](http://oss-security.openwall.org/) ===================================== doc/security-team.d.o/security_tracker ===================================== @@ -45,13 +45,13 @@ be used, which will filter out all blobs (file contents) until needed by Git. This will check out the working repository (given that you already have -an [Salsa +a [Salsa account](https://wiki.debian.org/Salsa/Doc#Users:_Login_and_Registration). After successful downloading, you will have a new directory called `security-tracker`. Inside this directory are a number of subdirectories. The `data` directory is where we do most of our work. -After the initial clone please run +After the initial clone please run: bin/setup-repo 
@@ -205,7 +205,7 @@ A special exception is made for kernel related issues. The kernel-sec group will take care of them. It is not necessary to file bugs in the BTS for kernel security issues, it only causes overhead. -If you want to report a bug, bin/report-vuln might be helpful in creating +If you want to report a bug, `bin/report-vuln` might be helpful in creating the bug report. If a vulnerability does not affect Debian, e.g., because the vulnerable @@ -252,7 +252,7 @@ you're also fixing the issue in the process, which is of course the ideal way to help/contribute). ### Packages in Experimental only -There are some packages that only exists in experimental. In that +There are some packages that only exist in experimental. In that case, place the distribution tag `experimental`. For example: CVE-2013-1067 (Apport 2.12.5 and earlier uses weak permissions for core dump files ...) @@ -269,7 +269,7 @@ is appreciated though. For example: ### Issues in ITP and/or RFP packages If an issue is discovered in a package that has an RFP or ITP already filed, -then that is also noted in order to track the problem, and made sure it is +then that is also noted in order to track the problem, and make sure it is resolved before the package enters the archive. These issues are marked with the `<itp>` tag. Note this includes both ITPs and RFPs since (from a security tracking standpoint) there is no advantage in tracking them in separate ways. @@ -327,7 +327,7 @@ checks after a new release. ### end-of-life packages -In rare cases (i.e., webbrowsers) security support for packages +In rare cases (i.e., web browsers) security support for packages needs to be stopped before the end of the regular security maintenance life cycle. 
@@ -374,7 +374,7 @@ descriptive so that it is clear what remains to be done. For example: If you are not sure about some decision (e.g., which package is affected) or triaging (e.g., bug severity) you can leave a TODO note for reviewing, -explaining which aspect have to be reviewed. For example: +explaining which aspect has to be reviewed. For example: CVE-2013-7295 (Tor before 0.2.4.20, when OpenSSL 1.x is used in ...) - tor 0.2.4.20-1 (low) @@ -603,7 +603,7 @@ used for descriptive comments. Syntax of mysa-needed.txt files ------------------------------- -The mysa-needed.txt files (such as dsa-needed.txt) contain a list of packages +The `mysa-needed.txt` files (such as `dsa-needed.txt`) contain a list of packages that need to be updated. Lines containing two dashes (`--`) are used as separators. Anything before the first separator are comments. After that, the first line in each section should contain the package name, possibly followed @@ -796,7 +796,7 @@ Setting up an extended instance ------------------------------- The security tracker supports extra sources of data, which can be used -to override or extend the information in CVE/list, and to support your +to override or extend the information in `CVE/list`, and to support your own announce lists. To do that, add a CVEExtendFile source to `data/config.json`. Entries in that file can add information to an existing CVE, e.g. to mark it as fixed or ignored, or to mark it as View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9b87f75c70c200189ee374ba764a9abef951b85b...593bcb57608bb8a3a8624bdee373577927a50206 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9b87f75c70c200189ee374ba764a9abef951b85b...593bcb57608bb8a3a8624bdee373577927a50206 You're receiving this email because of your account on salsa.debian.org.
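Review bot: In the doc/security-team.d.o/glossary hunk, the added NVD definition does not follow the shape of the entry right below it. The oss-security entry italicises the expanded name and closes it with a full stop before the description, while the new line joins the two with a comma ("National Vulnerability Database, US government CVE repository."). Suggest `: *National Vulnerability Database*. US government repository of CVE data.` followed by the existing `[Website](https://nvd.nist.gov/)` link, so the glossary reads uniformly.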
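Review bot: In the @@ -45,13 hunk of doc/security-team.d.o/security_tracker, the parenthesis opened at "(given that you already have" is still never closed. The `)` after the Salsa URL only terminates the Markdown link, and the sentence then ends with a full stop. Since the line is already being touched for the "an"/"a" fix, close the parenthesis in the same change: `account](https://wiki.debian.org/Salsa/Doc#Users:_Login_and_Registration)).`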
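Review bot: In the @@ -327,7 hunk, the corrected line still reads "(i.e., web browsers)", but web browsers are given as an example of the rare cases rather than as their definition, so this should be "(e.g., web browsers)". The heading in the same hunk, `### end-of-life packages`, is also lowercase where the other headings in this patch (`### Packages in Experimental only`, `### Issues in ITP and/or RFP packages`) start with a capital; worth aligning while the section is open.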
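Review bot: In the @@ -603,7 hunk, the context line two below the change still has a subject-verb mismatch: "Anything before the first separator are comments." As this merge request is a typo pass over the same paragraph, fix it here too, for example "Anything before the first separator is treated as a comment."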
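Review bot: In the @@ -796,7 hunk, `CVE/list` gains backticks but "CVEExtendFile" on the following line stays unformatted, although it is a literal source type that goes into `data/config.json`. Mark it up as `CVEExtendFile` so that every literal the reader has to type in this paragraph is formatted the same way.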
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
