From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <rider@altlinux.com>
References: <CA++8mroLzV0omo9_g1kB=XaqzpH9t+F8Dgi=PeXr1APLEO-5VQ@mail.gmail.com>
 <fa25c709-2006-5b6e-e767-a1492bac0dd5@altlinux.com>
 <20170221183312.GD8122@imap.altlinux.org>
 <20170221184433.GA27660@altlinux.org>
To: devel@lists.altlinux.org
From: Anton Farygin <rider@altlinux.com>
Message-ID: <dc205f5b-86a9-c6ec-4243-6d8b242c5aea@altlinux.com>
Date: Tue, 21 Feb 2017 22:02:57 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.7.0
MIME-Version: 1.0
In-Reply-To: <20170221184433.GA27660@altlinux.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Subject: Re: [devel] Vulnerability policy
X-BeenThere: devel@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Linux Team development discussions <devel@lists.altlinux.org>
List-Id: ALT Linux Team development discussions <devel.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/devel>,
 <mailto:devel-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/devel>
List-Post: <mailto:devel@lists.altlinux.org>
List-Help: <mailto:devel-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/devel>,
 <mailto:devel-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Feb 2017 19:02:58 -0000
Archived-At: <http://lore.altlinux.org/devel/dc205f5b-86a9-c6ec-4243-6d8b242c5aea@altlinux.com/>
List-Archive: <http://lore.altlinux.org/devel/>
List-Post: <mailto:devel@altlinux.org>

21.02.2017 21:44, Dmitry V. Levin пишет:
> Но если кому-то существенно удобнее записывать это как-то иначе и без
> скобочек, то, наверное, это можно формализовать и включить в правила.

Мне в последнее время нравится такая трактовка, предпочёл бы её, когда 
есть время всё это описывать:

- Fixed:
+ CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
+ CVE-2017-5376: Use-after-free in XSL
+ CVE-2017-5377: Memory corruption with transforms to create gradients 
in Skia
+ CVE-2017-5378: Pointer and frame data leakage of Javascript objects
+ CVE-2017-5379: Use-after-free in Web Animations
+ CVE-2017-5380: Potential use-after-free during DOM manipulations
+ CVE-2017-5390: Insecure communication methods in Developer Tools JSON 
viewer
+ CVE-2017-5389: WebExtensions can install additional add-ons via 
modified host requests
+ CVE-2017-5396: Use-after-free with Media Decoder
+ CVE-2017-5381: Certificate Viewer exporting can be used to navigate 
and save to arbitrary filesystem locations
+ CVE-2017-5382: Feed preview can expose privileged content errors and 
exceptions
+ CVE-2017-5383: Location bar spoofing with unicode characters
+ CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
+ CVE-2017-5385: Data sent in multipart channels ignores referrer-policy 
response headers
+ CVE-2017-5386: WebExtensions can use data: protocol to affect other 
extensions
+ CVE-2017-5394: Android location bar spoofing using fullscreen and 
JavaScript events
+ CVE-2017-5391: Content about: pages can load privileged about: pages
+ CVE-2017-5392: Weak references using multiple threads on weak proxy 
objects lead to unsafe memory usage
+ CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for 
mozAddonManager
+ CVE-2017-5395: Android location bar spoofing during scrolling
+ CVE-2017-5387: Disclosure of local file existence through TRACK tag 
error messages
+ CVE-2017-5388: WebRTC can be used to generate a large amount of UDP 
traffic for DDOS attacks
+ CVE-2017-5374: Memory safety bugs fixed in Firefox 51
+ CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7