summaryrefslogtreecommitdiffstats
path: root/zarb-ml/mageia-sysadm/2011-November/004091.html
diff options
context:
space:
mode:
Diffstat (limited to 'zarb-ml/mageia-sysadm/2011-November/004091.html')
-rw-r--r--zarb-ml/mageia-sysadm/2011-November/004091.html140
1 files changed, 140 insertions, 0 deletions
diff --git a/zarb-ml/mageia-sysadm/2011-November/004091.html b/zarb-ml/mageia-sysadm/2011-November/004091.html
new file mode 100644
index 000000000..99fa56922
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/2011-November/004091.html
@@ -0,0 +1,140 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+ <TITLE> [Mageia-sysadm] Improving the mageia-updates@ messages
+ </TITLE>
+ <LINK REL="Index" HREF="index.html" >
+ <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Improving%20the%20mageia-updates%40%20messages&In-Reply-To=%3CCAL%2BdqvCwjQ2xq7-5GVaVmz56pN8S__zxq1TBE7kVDMudahmWHg%40mail.gmail.com%3E">
+ <META NAME="robots" CONTENT="index,nofollow">
+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+ <LINK REL="Previous" HREF="004086.html">
+ <LINK REL="Next" HREF="004090.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+ <H1>[Mageia-sysadm] Improving the mageia-updates@ messages</H1>
+ <B>D.Morgan</B>
+ <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Improving%20the%20mageia-updates%40%20messages&In-Reply-To=%3CCAL%2BdqvCwjQ2xq7-5GVaVmz56pN8S__zxq1TBE7kVDMudahmWHg%40mail.gmail.com%3E"
+ TITLE="[Mageia-sysadm] Improving the mageia-updates@ messages">dmorganec at gmail.com
+ </A><BR>
+ <I>Tue Nov 15 07:25:56 CET 2011</I>
+ <P><UL>
+ <LI>Previous message: <A HREF="004086.html">[Mageia-sysadm] Improving the mageia-updates@ messages
+</A></li>
+ <LI>Next message: <A HREF="004090.html">[Mageia-sysadm] Test of upgrading to Bugzilla 4
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#4091">[ date ]</a>
+ <a href="thread.html#4091">[ thread ]</a>
+ <a href="subject.html#4091">[ subject ]</a>
+ <a href="author.html#4091">[ author ]</a>
+ </LI>
+ </UL>
+ <HR>
+<!--beginarticle-->
+<PRE>On Fri, Nov 11, 2011 at 2:28 AM, Anssi Hannula &lt;<A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">anssi at mageia.org</A>&gt; wrote:
+&gt;<i> Hi!
+</I>&gt;<i>
+</I>&gt;<i> I can think of some improvements to the update announcements:
+</I>&gt;<i>
+</I>&gt;<i> &quot;Must-have&quot;:
+</I>&gt;<i> - Affected distribution
+</I>&gt;<i> - Updated package version-release (and probably names as well)
+</I>&gt;<i>
+</I>&gt;<i> &quot;Nice-to-have&quot;:
+</I>&gt;<i> - Unnecessary duplication in Subject line, drop the
+</I>&gt;<i> &#160;&quot;Package update: &quot; part since it already has &quot;[updates-announce]&quot;.
+</I>&gt;<i> - Information footer (at least mailing list info, maybe something else)
+</I>&gt;<i> - Some kind of ID even without a real advisory database (other than
+</I>&gt;<i> &#160;mailing list archives, and some way to prevent duplicate ids by
+</I>&gt;<i> &#160;mistake), so that we can be included in pages like
+</I>&gt;<i> &#160;<A HREF="http://lwn.net/Alerts/">http://lwn.net/Alerts/</A>
+</I>&gt;<i> &#160;I suggest format 'MGASA-2011-1' for security updates.
+</I>&gt;<i> &#160;For other updates, maybe 'MGAA-2011-1', or 'MGAUA-2011-1'.
+</I>&gt;<i>
+</I>&gt;<i> &quot;Maybe?&quot;:
+</I>&gt;<i> - [mageia-updates] instead of [updates-announce]
+</I>&gt;<i>
+</I>&gt;<i>
+</I>&gt;<i> For example:
+</I>&gt;<i>
+</I>&gt;<i> Subject: [mageia-updates] MGASA-2011-1: libpng
+</I>&gt;<i> ________________________________________________________________________
+</I>&gt;<i>
+</I>&gt;<i> &#160;Mageia Security Advisory &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160;MGASA-2011-1
+</I>&gt;<i>
+</I>&gt;<i> &#160;Distribution: Mageia 1
+</I>&gt;<i> &#160;Package: libpng
+</I>&gt;<i> ________________________________________________________________________
+</I>&gt;<i>
+</I>&gt;<i> Several vulnerabilities were discovered and corrected in libpng:
+</I>&gt;<i>
+</I>&gt;<i> * All released versions of libpng (from 1.0 onward) have a buffer
+</I>&gt;<i> &#160;overrun in the code that promotes palette images with transparency
+</I>&gt;<i> &#160;(1 channel) to grayscale+alpha images (2 channels), but only for
+</I>&gt;<i> &#160;applications that call png_rgb_to_gray() and not png_set_expand().
+</I>&gt;<i> &#160;(None are known.) An arbitrary amount of memory may be overwritten
+</I>&gt;<i> &#160;in this case, with arbitrary (attacker-controlled) data.
+</I>&gt;<i> &#160;This vulnerability has been assigned ID CVE-2011-2690.
+</I>&gt;<i>
+</I>&gt;<i> * libpng 1.2.20 and later crashes in png_default_error() due to internal
+</I>&gt;<i> &#160;use of a NULL pointer instead of the empty string (&quot;&quot;). This
+</I>&gt;<i> &#160;vulnerability
+</I>&gt;<i> &#160;has been assigned ID CVE-2011-2691.
+</I>&gt;<i>
+</I>&gt;<i> * Many (most?) versions of libpng read uninitialized memory when
+</I>&gt;<i> &#160;handling
+</I>&gt;<i> &#160;empty sCAL chunks, and they handle malformed sCAL chunks (those
+</I>&gt;<i> &#160;lacking
+</I>&gt;<i> &#160;a delimiting NULL between the internal strings) incorrectly.
+</I>&gt;<i> &#160;This vulnerability has been assigned ID CVE-2011-2692.
+</I>&gt;<i>
+</I>&gt;<i> The updated packages have been updated to latest stable version to
+</I>&gt;<i> correct these issues, plus other bug fixes.
+</I>&gt;<i> ________________________________________________________________________
+</I>&gt;<i>
+</I>&gt;<i> Updated packages: (or maybe only src package name + versions, to keep
+</I>&gt;<i> &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; &#160; it shorter for e.g. tb/firefox updates?)
+</I>&gt;<i>
+</I>&gt;<i> Mageia 1, i586:
+</I>&gt;<i> &#160; libpng3-1.2.46-1.mga1.i586.rpm
+</I>&gt;<i> &#160; libpng-devel-1.2.46-1.mga1.i586.rpm
+</I>&gt;<i> &#160; libpng-source-1.2.46-1.mga1.i586.rpm
+</I>&gt;<i> &#160; libpng-static-devel-1.2.46-1.mga1.i586.rpm
+</I>&gt;<i>
+</I>&gt;<i> Mageia 1, x86_64:
+</I>&gt;<i> &#160; lib64png3-1.2.46-1.mga1.x86_64.rpm
+</I>&gt;<i> &#160; lib64png-devel-1.2.46-1.mga1.x86_64.rpm
+</I>&gt;<i> &#160; lib64png-static-devel-1.2.46-1.mga1.x86_64.rpm
+</I>&gt;<i> &#160; libpng-source-1.2.46-1.mga1.x86_64.rpm
+</I>&gt;<i>
+</I>&gt;<i> --
+</I>&gt;<i> mageia-updates mailing list.
+</I>&gt;<i> To unsubscribe, blablabla.
+</I>&gt;<i>
+</I>&gt;<i>
+</I>&gt;<i> --
+</I>&gt;<i> Anssi Hannula
+</I>
+For me this is the perfect format we should reach.
+</PRE>
+
+<!--endarticle-->
+ <HR>
+ <P><UL>
+ <!--threads-->
+ <LI>Previous message: <A HREF="004086.html">[Mageia-sysadm] Improving the mageia-updates@ messages
+</A></li>
+ <LI>Next message: <A HREF="004090.html">[Mageia-sysadm] Test of upgrading to Bugzilla 4
+</A></li>
+ <LI> <B>Messages sorted by:</B>
+ <a href="date.html#4091">[ date ]</a>
+ <a href="thread.html#4091">[ thread ]</a>
+ <a href="subject.html#4091">[ subject ]</a>
+ <a href="author.html#4091">[ author ]</a>
+ </LI>
+ </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm
+mailing list</a><br>
+</body></html>