Hello, -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Michael Wiegand Sent: Monday, May 11, 2009 7:24 PM To: [email protected] Subject: [Openvas-discuss] Handling reported versions
* Michael Meyer [11. May 2009]: > > > Yes, I think this would be a good idea. We could define a standard >> > disclaimer text which plugins could use whenever they try remote version >> > identification. >> >> Ok, somebody must define this "disclaimer". Any volunteers? :-) >> I saw that the newest plugins from secpod contains the following: >> >> ***** >> NOTE: Please, ignore the warning if Patch is already applied. >> ***** >> >> Is that enough? > I would propose: > ***** > This warning was generated because $SOFTWARE on $REMOTE_HOST identified > itself as $VERSION and the authors of $SOFTWARE have declared versions > $FROM through $UNTIL to be affected by this issue. > Please note that this issue might have already been fixed by your > distribution maintainers without increasing the version number reported > By the software. If you are in doubt, please refer to the security > announcements from the maintainers of your distribution. > If you have identified this warning as a false positive, you can create > a filter by doing $(CREATE_FILTER_HOWTO). > ***** > What do you think? The first paragraph may not be needed. The proposal is to put this initially with the description (inside if(description)). So, the variables $SOFTWARE $REMOTE_HOST cannot be updated with the determined value as the desc variable will not be in scope. I think the second paragraph is good enough. Thanks, Chandra. _______________________________________________ Openvas-discuss mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
