On 08.01.2014 02:14, Alex Legler wrote:
Reads as follows:
On hppa, there is no fixed version.
On all other arches, python in slot 3.2 is fixed in >=3.2.9, affected
for anything less, in the 3.3 slot, [3.3.0; 3.3.1[ and [3.3.3; 3.3.5[
are affected, for the 0 slot, anything <6.3 is affected.
I fear this less commonly used interval notation may not be known to
some people. See [1] for an explanation.
Further notes on that:
- If no slot attribute is given, it defaults to slot 0 (same as
Portage).
- Our existing (old) scheme employs a whitelist approach: We usually
only have one <vulnerable> entry and then list the <unaffected> versions
explicitly. Our new approach works more like a whitelist; if an entry
without the asof attribute (and possibly without a slot attribute) is
given, we sort of get the old behaviour.
- Human-readable texts reworked: Background + Description + Resolution
instead of (Synopsis) + Background + Description + Impact + Resolution.
The workaround field is also gone now. We never used it anyway, and it's
just another human-readable field that could as well be merged with the
resolution field.
[1] http://en.wikipedia.org/wiki/Interval_(mathematics)
