As pointed by Jon Baker (<a href="http://oval.mitre.org/community/archives/ovaldeveloper/2007-07/msg00018.html">http://oval.mitre.org/community/archives/ovaldeveloper/2007-07/msg00018.html</a>):<br><pre>- use of the description field - You have made extensive use of the
<br>description field even adding in hyperlinks. I recommend keeping the<br>description simple and then utilizing the xsd:any that follows the<br>description to create you own structured metadata. See line 198 of the<br>
oval-definitions-schema.xsd. I know of 2 examples of good use of this<br>xsd:any space; the OVAL Repository, and the Redhat repository. Both of<br>these repositories utilize the xsd:any space to add in their own<br>metadata.
</pre> Therefore i move moreinfo text in debian specific section. F.e.:<br><br> <metadata><br> <title>several vulnerabilities</title><br> <affected family='unix'><br> <platform>Debian GNU/Linux
4.0</platform><br> <platform>Debian GNU/Linux 3.1</platform><br> <product>evolution</product><br> </affected><br> <reference source='CVE' ref_url='
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1002">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1002</a>' ref_id='CVE-2007-1002'/><br> <reference source='CVE' ref_url='
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3257">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3257</a>' ref_id='CVE-2007-3257'/><br> <description>What information can i put there?</description>
<br> <debian><br> <date>2007-06-29</date><br> <moreinfo><br>Several remote vulnerabilities have been discovered in Evolution, a<br>groupware suite with mail client and organizer. The Common Vulnerabilities
<br>and Exposures project identifies the following problems:<br>Ulf Härnhammar discovered that a format string vulnerability in<br> the handling of shared calendars may allow the execution of arbitrary<br> code.<br>
It was discovered that the IMAP code in the Evolution Data Server<br> performs insufficient sanitising of a value later used an array index,<br> which can lead to the execution of arbitrary code.</moreinfo><br>
</debian><br> </metadata><br><br clear="all"> But where i can get information for original description section? In data file i don't have such, in wml file can't mark out proper data. Can anybody suggest where get content for this field?
<br>-- <br>Pavel Vinogradov<br>NixDev.Net, Senior Linux Developer