1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-sysadm] Improving the mageia-updates@ messages
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Improving%20the%20mageia-updates%40%20messages&In-Reply-To=%3CCAL%2BdqvCwjQ2xq7-5GVaVmz56pN8S__zxq1TBE7kVDMudahmWHg%40mail.gmail.com%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="004086.html">
<LINK REL="Next" HREF="004090.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-sysadm] Improving the mageia-updates@ messages</H1>
<B>D.Morgan</B>
<A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Improving%20the%20mageia-updates%40%20messages&In-Reply-To=%3CCAL%2BdqvCwjQ2xq7-5GVaVmz56pN8S__zxq1TBE7kVDMudahmWHg%40mail.gmail.com%3E"
TITLE="[Mageia-sysadm] Improving the mageia-updates@ messages">dmorganec at gmail.com
</A><BR>
<I>Tue Nov 15 07:25:56 CET 2011</I>
<P><UL>
<LI>Previous message: <A HREF="004086.html">[Mageia-sysadm] Improving the mageia-updates@ messages
</A></li>
<LI>Next message: <A HREF="004090.html">[Mageia-sysadm] Test of upgrading to Bugzilla 4
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#4091">[ date ]</a>
<a href="thread.html#4091">[ thread ]</a>
<a href="subject.html#4091">[ subject ]</a>
<a href="author.html#4091">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>On Fri, Nov 11, 2011 at 2:28 AM, Anssi Hannula <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">anssi at mageia.org</A>> wrote:
><i> Hi!
</I>><i>
</I>><i> I can think of some improvements to the update announcements:
</I>><i>
</I>><i> "Must-have":
</I>><i> - Affected distribution
</I>><i> - Updated package version-release (and probably names as well)
</I>><i>
</I>><i> "Nice-to-have":
</I>><i> - Unnecessary duplication in Subject line, drop the
</I>><i>  "Package update: " part since it already has "[updates-announce]".
</I>><i> - Information footer (at least mailing list info, maybe something else)
</I>><i> - Some kind of ID even without a real advisory database (other than
</I>><i>  mailing list archives, and some way to prevent duplicate ids by
</I>><i>  mistake), so that we can be included in pages like
</I>><i>  <A HREF="http://lwn.net/Alerts/">http://lwn.net/Alerts/</A>
</I>><i>  I suggest format 'MGASA-2011-1' for security updates.
</I>><i>  For other updates, maybe 'MGAA-2011-1', or 'MGAUA-2011-1'.
</I>><i>
</I>><i> "Maybe?":
</I>><i> - [mageia-updates] instead of [updates-announce]
</I>><i>
</I>><i>
</I>><i> For example:
</I>><i>
</I>><i> Subject: [mageia-updates] MGASA-2011-1: libpng
</I>><i> ________________________________________________________________________
</I>><i>
</I>><i>  Mageia Security Advisory                                  MGASA-2011-1
</I>><i>
</I>><i>  Distribution: Mageia 1
</I>><i>  Package: libpng
</I>><i> ________________________________________________________________________
</I>><i>
</I>><i> Several vulnerabilities were discovered and corrected in libpng:
</I>><i>
</I>><i> * All released versions of libpng (from 1.0 onward) have a buffer
</I>><i>  overrun in the code that promotes palette images with transparency
</I>><i>  (1 channel) to grayscale+alpha images (2 channels), but only for
</I>><i>  applications that call png_rgb_to_gray() and not png_set_expand().
</I>><i>  (None are known.) An arbitrary amount of memory may be overwritten
</I>><i>  in this case, with arbitrary (attacker-controlled) data.
</I>><i>  This vulnerability has been assigned ID CVE-2011-2690.
</I>><i>
</I>><i> * libpng 1.2.20 and later crashes in png_default_error() due to internal
</I>><i>  use of a NULL pointer instead of the empty string (""). This
</I>><i>  vulnerability
</I>><i>  has been assigned ID CVE-2011-2691.
</I>><i>
</I>><i> * Many (most?) versions of libpng read uninitialized memory when
</I>><i>  handling
</I>><i>  empty sCAL chunks, and they handle malformed sCAL chunks (those
</I>><i>  lacking
</I>><i>  a delimiting NULL between the internal strings) incorrectly.
</I>><i>  This vulnerability has been assigned ID CVE-2011-2692.
</I>><i>
</I>><i> The updated packages have been updated to latest stable version to
</I>><i> correct these issues, plus other bug fixes.
</I>><i> ________________________________________________________________________
</I>><i>
</I>><i> Updated packages: (or maybe only src package name + versions, to keep
</I>><i>                   it shorter for e.g. tb/firefox updates?)
</I>><i>
</I>><i> Mageia 1, i586:
</I>><i>   libpng3-1.2.46-1.mga1.i586.rpm
</I>><i>   libpng-devel-1.2.46-1.mga1.i586.rpm
</I>><i>   libpng-source-1.2.46-1.mga1.i586.rpm
</I>><i>   libpng-static-devel-1.2.46-1.mga1.i586.rpm
</I>><i>
</I>><i> Mageia 1, x86_64:
</I>><i>   lib64png3-1.2.46-1.mga1.x86_64.rpm
</I>><i>   lib64png-devel-1.2.46-1.mga1.x86_64.rpm
</I>><i>   lib64png-static-devel-1.2.46-1.mga1.x86_64.rpm
</I>><i>   libpng-source-1.2.46-1.mga1.x86_64.rpm
</I>><i>
</I>><i> --
</I>><i> mageia-updates mailing list.
</I>><i> To unsubscribe, blablabla.
</I>><i>
</I>><i>
</I>><i> --
</I>><i> Anssi Hannula
</I>
For me this is the perfect format we should reach.
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="004086.html">[Mageia-sysadm] Improving the mageia-updates@ messages
</A></li>
<LI>Next message: <A HREF="004090.html">[Mageia-sysadm] Test of upgrading to Bugzilla 4
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#4091">[ date ]</a>
<a href="thread.html#4091">[ thread ]</a>
<a href="subject.html#4091">[ subject ]</a>
<a href="author.html#4091">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm
mailing list</a><br>
</body></html>
|
