Hi all, On 09/25/2014 06:53 PM, Remi Gacogne wrote:
A recent discussion on the #archlinux-security IRC channel led to the proposal of posting security announcements to the arch-security mailing-list every time a vulnerability concerning an Arch Linux package is disclosed, as other distributions are already doing.
We have also created a Security Advisories [0] wiki page which list the most recent advisories from this mailinglist. After a short discussion on IRC we have chosen the ASA-YYYYMM-N identifier (which you may already have noticed from Remi's last advisory). This ASA-ID can be used as a short reference and is also included in the new advisories page [0] and the CVE-2014 page [2].
Based on an idea by Bluewind, I made the following template for advisories, and will be sending an advisory for the recent NSS vulnerability as an example in the next few minutes.
The template can also be found at the wiki page [1] and is reflecting the current state of the advisory template. kind regards, Levente [0] https://wiki.archlinux.org/index.php/Security_Advisories [1] https://wiki.archlinux.org/index.php/Security_Advisories#Template [2] https://wiki.archlinux.org/index.php/CVE-2014