Debian Security Advisories (DSAs) are made whenever a security vulnerability is discovered that affects a Debian package. These advisories, signed by one of the Security Team members, include information of the versions affected as well as the location of the updates. This information is:
问题软件的版本号.
问题类型.
是会被远程攻击还是本地.
软件包的简短描述.
问题描述.
攻击描述.
修复描述.
DSAs published on the website might be updated after being sent to the public-mailing lists. A common update is adding cross references to security vulnerability databases. Also, translations
of DSAs are not sent to the security mailing lists but are directly included in the website.
Debian developers understand the need to provide accurate and up to date information of the security status of the Debian distribution, allowing users to manage the risk associated with new security vulnerabilities. CVE enables us to provide standardized references that allow users to develop a
http://www.cve.mitre.org/compatible/enterprise.html.
The
http://cve.mitre.org project is maintained by the MITRE Corporation and provides a list of standardized names for vulnerabilities and security exposures.
Debian 相信为用户提供影响 Debian 发行版的安全问题的附加信息是非常重要的. 在公告中 CVE 名称有助于用户了解漏洞与某个 Debian 安全更新的关系, 这有助于减少花费在处理影响我们用户的漏洞上的时间. 同时, 也使得对于部署了支持 CVE 的安全工具的环境的安全问题的管理变得简单 - 譬如基于网络或主机的入侵检测系统, 或漏洞评估工具, 不管它是不是基于 Debian 发行版的.
Debian provides CVE names for all DSAs released since September 1998. All of the advisories can be retrieved on the Debian web site, and announcements related to new vulnerabilities include CVE names if available at the time of their release. Advisories associated with a given CVE name can be searched directly through the Debian Security Tracker (see below).
In some cases you might not find a given CVE name in published advisories, for example because: