[Oval-devel] Description field in generated definitions

Pavel Vinogradov blaze at nixdev.net
Sat Jul 14 08:13:57 UTC 2007


   As pointed out by Jon Baker (
http://oval.mitre.org/community/archives/ovaldeveloper/2007-07/msg00018.html
):

- use of the description field - You have made extensive use of the
description field, even adding in hyperlinks. I recommend keeping the
description simple and then utilizing the xsd:any that follows the
description to create your own structured metadata. See line 198 of the
oval-definitions-schema.xsd. I know of 2 examples of good use of this
xsd:any space; the OVAL Repository, and the Redhat repository. Both of
these repositories utilize the xsd:any space to add in their own
metadata.

  Therefore I move the moreinfo text into a Debian-specific section. For example:

      <metadata>
        <title>several vulnerabilities</title>
        <affected family='unix'>
          <platform>Debian GNU/Linux 4.0</platform>
          <platform>Debian GNU/Linux 3.1</platform>
          <product>evolution</product>
        </affected>
        <reference source='CVE' ref_url='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1002' ref_id='CVE-2007-1002'/>
        <reference source='CVE' ref_url='http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3257' ref_id='CVE-2007-3257'/>
        <description>What information can i put there?</description>
        <debian>
          <date>2007-06-29</date>
          <moreinfo>
Several remote vulnerabilities have been discovered in Evolution, a
groupware suite with mail client and organizer. The Common Vulnerabilities
and Exposures project identifies the following problems:
Ulf Härnhammar discovered that a format string vulnerability in
    the handling of shared calendars may allow the execution of arbitrary
    code.
It was discovered that the IMAP code in the Evolution Data Server
    performs insufficient sanitising of a value later used an array index,
    which can lead to the execution of arbitrary code.</moreinfo>
        </debian>
      </metadata>

  But where can I get information for the original description section? In the
data file I don't have such, and in the wml file I can't mark out the proper data.
Can anybody suggest where to get content for this field?
-- 
Pavel Vinogradov
NixDev.Net, Senior Linux Developer
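
Added example (not part of the original message, and not code from the OVAL or Debian projects): a small Python check for the layout recommended above, a plain description followed by repository-specific elements in the xsd:any space. The function names, the constructed sample and the rule that exactly one description is expected are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, trimmed from the metadata block in the message above.
SAMPLE = """<metadata>
  <title>several vulnerabilities</title>
  <affected family='unix'>
    <platform>Debian GNU/Linux 4.0</platform>
    <product>evolution</product>
  </affected>
  <reference source='CVE' ref_id='CVE-2007-1002'/>
  <description>several vulnerabilities</description>
  <debian>
    <date>2007-06-29</date>
    <moreinfo>Several remote vulnerabilities have been discovered.</moreinfo>
  </debian>
</metadata>"""

STANDARD = ("title", "affected", "reference", "description")
URL_RE = re.compile(r"https?://", re.I)

def local_names(xml_text):
    """Parse one <metadata> element; return it with its children's local names."""
    # ElementTree is fine for generated files; use a hardened parser for untrusted XML.
    meta = ET.fromstring(xml_text)
    return meta, [child.tag.rsplit("}", 1)[-1] for child in meta]

def lint_metadata(xml_text):
    """Return findings: links or markup in description, misplaced elements."""
    meta, names = local_names(xml_text)
    if names.count("description") != 1:
        return ["expected exactly one description"]
    pos = names.index("description")
    findings = []
    desc = meta[pos]
    if len(desc) or URL_RE.search(desc.text or ""):
        findings.append("description contains markup or a hyperlink")
    for i, name in enumerate(names):
        if name in STANDARD and i > pos:
            findings.append(f"standard element <{name}> after description")
        elif name not in STANDARD and i < pos:
            findings.append(f"extension element <{name}> before description")
    return findings

def extension_names(xml_text):
    """Names of the repository-specific elements (the xsd:any content)."""
    _, names = local_names(xml_text)
    return [n for n in names if n not in STANDARD]
```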