[Secure-testing-commits] r1660 - / data data/CAN data/CVE data/DTSA doc website

Joey Hess joeyh at costa.debian.org
Fri Aug 26 20:24:18 UTC 2005


Author: joeyh
Date: 2005-08-26 20:24:15 +0000 (Fri, 26 Aug 2005)
New Revision: 1660

Added:
   data/DTSA/
   data/DTSA/DTSA-1-1
   data/DTSA/list
   data/DTSA/mkadvisory
   data/DTSA/template
Modified:
   TODO
   data/CAN/Makefile
   data/CAN/list
   data/CVE/Makefile
   data/checklist
   data/updatelist
   doc/announce.2
   website/index.html
Log:
- add support for DTSAs, with a new DTSA directory, a script to generate
  them, etc
- automatic db update with DTSA


Modified: TODO
===================================================================
--- TODO	2005-08-26 18:51:21 UTC (rev 1659)
+++ TODO	2005-08-26 20:24:15 UTC (rev 1660)
@@ -1,12 +1,5 @@
 * Set up for DTSAs
 
-  - Procedure for DTSA number assignment.
-
-  - Need a way to generate a DTSA given a set of .changes files
-    for the packages/architectures that will be in the DTSA. The amber
-    program in katie can do this, but is not designed for our situation.
-    Something based on amber's template needs to be implemented.
-
   - Need a way for team members to hint packages from etch-proposed-updates
     to etch on secure-testing-master. Hint files similar to those used by
     release team?
@@ -14,10 +7,12 @@
   - Need a way to do an advisory for some arches and then auto-sync the
     rest as they get built.
 
-  - Web display of DTSAs
+  - Web display of DTSAs.
 
-  - Integrate DTSAs into checklist script, so it stops listing holes that
-    have had a DTSA issued.
+  - Better integrate DTSAs into checklist script, so it stops listing holes
+    that have had a DTSA issued.
+  
+  - Auto moderation of developer signed mails to -announce.
 
 * Merge stuff into security.debian.org. Long term, but we need to keep in
   mind that the current setup is just to get bootstrapped.

Modified: data/CAN/Makefile
===================================================================
--- data/CAN/Makefile	2005-08-26 18:51:21 UTC (rev 1659)
+++ data/CAN/Makefile	2005-08-26 20:24:15 UTC (rev 1660)
@@ -1,5 +1,5 @@
 update:
 	rm -f full-can.html
 	wget --quiet http://www.cve.mitre.org/cve/candidates/downloads/full-can.html
-	../updatelist full-can.html ../DSA/list list > list.new
+	../updatelist full-can.html ../DSA/list ../DTSA/list list > list.new
 	mv -f list.new list

Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-08-26 18:51:21 UTC (rev 1659)
+++ data/CAN/list	2005-08-26 20:24:15 UTC (rev 1660)
@@ -156,8 +156,10 @@
 CAN-2005-2628
 	NOTE: reserved
 CAN-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow remote ...)
+	{DTSA-1-1}
 	- kismet 2005.08.R1-1 (bug #323386; high)
 CAN-2005-2626 (Unspecified vulnerability in Kismet before 2005-08-R1 allows remote ...)
+	{DTSA-1-1}
 	- kismet 2005.08.R1-1 (bug #323386; high)
 CAN-2004-2476 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a ...)
 	NOTE: not-for-us (MS IE)
@@ -3823,12 +3825,14 @@
 	NOTE: not-for-us (arshell)
 CAN-2005-1857
 	NOTE: reserved
+	{DSA-786-1}
 CAN-2005-1856 [backup-manager: Potential symlink attack through hard coded file name]
 	NOTE: reserved
-	{DSA-786-1}
+	{DSA-787-1}
 	- backup-manager 0.5.8-2 (low)
 CAN-2005-1855 [Insecure default permissions in backup-manager]
 	NOTE: reserved
+	{DSA-787-1}
 	- backup-manager 0.5.8-2 (medium)
 CAN-2005-1854 (Unknown vulnerability in apt-cacher in Debian 3.1, related to "missing ...)
 	{DSA-772-1}
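
Review bot: The change from `{DSA-786-1}` to `{DSA-787-1}` on CAN-2005-1856, and the new DSA tags on CAN-2005-1857 and CAN-2005-1855, are DSA cross-reference updates that have nothing to do with DTSA support. If they come from the automatic list update, say so in the log or commit them separately, so that someone later auditing why CAN-2005-1856 moved between advisories can find the reason. CAN-2005-1857 also now carries a DSA tag while still marked `NOTE: reserved` with no package line, which deserves a second look.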

Modified: data/CVE/Makefile
===================================================================
--- data/CVE/Makefile	2005-08-26 18:51:21 UTC (rev 1659)
+++ data/CVE/Makefile	2005-08-26 20:24:15 UTC (rev 1660)
@@ -1,5 +1,5 @@
 update:
 	rm -f full-cve.html
 	wget --quiet http://www.cve.mitre.org/cve/downloads/full-cve.html
-	../updatelist full-cve.html ../DSA/list list > list.new
+	../updatelist full-cve.html ../DSA/list ../DTSA/list list > list.new
 	mv -f list.new list

Added: data/DTSA/DTSA-1-1
===================================================================
--- data/DTSA/DTSA-1-1	2005-08-26 18:51:21 UTC (rev 1659)
+++ data/DTSA/DTSA-1-1	2005-08-26 20:24:15 UTC (rev 1660)
@@ -0,0 +1,55 @@
+------------------------------------------------------------------------------
+Debian Testing Security Advisory DTSA-1-1     http://secure-testing.debian.net
+secure-testing-team at lists.alioth.debian.org                          Joey Hess
+August 26th, 2005
+------------------------------------------------------------------------------
+
+Package        : kismet
+Vulnerability  : remote code execution
+Problem-Type   : remote
+Debian-specific: no
+CVE ID         : CAN-2005-2626 CAN-2005-2627
+
+Multiple security holes have been discovered in kismet:
+
+  CAN-2005-2627
+
+  Multiple integer underflows in Kismet allow remote attackers to execute
+  arbitrary code via (1) kernel headers in a pcap file or (2) data frame
+  dissection, which leads to heap-based buffer overflows.
+
+  CAN-2005-2626
+
+  Unspecified vulnerability in Kismet allows remote attackers to have an
+  unknown impact via unprintable characters in the SSID.
+
+For the testing distribution (etch) this is fixed in version
+2005.08.R1-0.1etch1.
+
+For the unstable distribution (sid) this is fixed in version
+2005.08.R1-1.
+
+This upgrade is strongly recommended if you use kismet.
+
+The Debian testing security team does not track security issues for the
+stable distribution (woody). If stable is vulnerable, the Debian security
+team will make an announcement once a fix is ready.
+
+Upgrade Instructions
+--------------------
+
+To use the Debian testing security archive, add the following lines to
+your /etc/apt/sources.list:
+
+  deb http://secure-testing.debian.net/debian-security-updates etch-proposed-updates/security-updates main contrib non-free
+  deb-src http://secure-testing.debian.net/debian-security-updates etch-proposed-updates/security-updates main contrib non-free
+
+The archive signing key can be downloaded from
+http://secure-testing.debian.net/ziyi-2005-7.asc
+
+To install the update, run this command as root:
+
+  apt-get update && apt-get install kismet
+
+For further information about the Debian testing security team, please refer
+to http://secure-testing.debian.net/
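
Review bot: The advisory tells readers to fetch the archive signing key from `http://secure-testing.debian.net/ziyi-2005-7.asc`, the same host as the archive and over plain HTTP, and gives no fingerprint to check it against. Since the website procedure in this commit has the advisory sent as a signed mail, add the key's fingerprint next to the URL (in `template`, then regenerate this file) so the key can be verified from the advisory itself.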

Added: data/DTSA/list
===================================================================
--- data/DTSA/list	2005-08-26 18:51:21 UTC (rev 1659)
+++ data/DTSA/list	2005-08-26 20:24:15 UTC (rev 1660)
@@ -0,0 +1,3 @@
+[26 Aug 2005] DTSA-1-1 kismet - remote code execution
+	{CAN-2005-2626 CAN-2005-2627}
+	- kismet 2005.08.R1-0.1etch1 (high)

Added: data/DTSA/mkadvisory
===================================================================
--- data/DTSA/mkadvisory	2005-08-26 18:51:21 UTC (rev 1659)
+++ data/DTSA/mkadvisory	2005-08-26 20:24:15 UTC (rev 1660)
@@ -0,0 +1,119 @@
+#!/usr/bin/perl
+# Generate an advisory using a template.
+use strict;
+use warnings;
+use User::pwent;
+use Date::Format;
+use Term::ReadLine;
+
+my $prefix="DTSA";
+my $advisory=getadvisory();
+
+my %subst;
+my %substchoices=(
+	DEBIAN_SPECIFIC => ["no","yes"],
+	TYPE => ["local", "remote"],
+);
+my %urgencytorecommendation=(
+	high => "strongly recommended",
+	medium => "recommended",
+	low => "encouraged",
+);
+my $term = Term::ReadLine->new("mkadvisory");
+
+sub getsubst {
+	my $in=shift;
+	# Use any numer of X's around the left or right side of a
+	# variable to pad it to its max width, this will be turned
+	# into spaces for alignment.
+	my ($lpad, $var, $rpad)=$in=~/(X*)([^X]+)(X*)/;
+	$lpad=length($lpad);
+	$rpad=length($rpad);
+	
+	if (! exists $subst{$var}) {
+		if ($var eq 'ADVISORY') {
+			$subst{$var}=$advisory;
+		}
+		elsif ($var eq 'WHOAMI') {
+			my ($fullname, $office, $workphone, $homephone) =
+				split /\s*,\s*/, getpwuid($<)->gecos;
+			$subst{$var}=$fullname;
+		}
+		elsif ($var eq 'DATE') {
+			$subst{$var}=time2str("%B %o, %Y", time, "UTC");
+		}
+		elsif ($var eq 'UPGRADE_RECOMMENDATION') {
+			print "Choose from ".join(", ", keys %urgencytorecommendation)."\n";
+			while ($subst{URGENCY}=$term->readline("URGENCY: ", 'high')) {
+				if (exists $urgencytorecommendation{$subst{URGENCY}}) {
+					last;
+				}
+			}
+			$subst{$var}=$urgencytorecommendation{$subst{URGENCY}};
+		}
+		else {
+			if (exists($substchoices{$var})) {
+				print "Choose from ".join(", ", @{$substchoices{$var}})."\n";
+				$subst{$var}=$term->readline("$var: ", $substchoices{$var}->[0]);
+			}
+			else {
+				$subst{$var}=$term->readline("$var: ");
+			}
+		}
+	}
+	my $ret=$subst{$var};
+	if ($lpad && length($ret) < length($in) + 4) {
+		$ret=(" " x (length($in) + 4 - length($ret))).$ret;
+	}
+	if ($rpad && length($ret) < length($in) + 4) {
+		$ret.=(" " x (length($in) + 4 - length($ret)));
+	}
+	return $ret;
+}
+
+# Get the advisory number. If a parameter is passed, use that as the
+# number, otherwise, find the next unused one.
+sub getadvisory {
+	my $num;
+	if (@ARGV) {
+		$num=shift;
+	}
+	else {
+		$num=1;
+		foreach my $file (glob("$prefix-*")) {
+			my ($major, $minor)=$file=~/$prefix-(.*)-(.*)/;
+			if ($major >= $num) {
+				$num=$major+1;
+			}
+		}
+		$num="$num-1";
+	}
+	if (-e "$prefix-$num") {
+		die "$prefix-$num already exists\n";
+	}
+	return "$prefix-$num";
+}
+
+print "Creating $advisory ...\n";
+open (OUT, ">$advisory") || die "write $advisory: $!";
+open (TEMPLATE, "template") || die "read template: $!";
+while (<TEMPLATE>) {
+	s/__([A-Z_]+)__/getsubst($1)/eg;
+	print OUT;
+}
+close TEMPLATE;
+close OUT;
+
+print "Adding to list ...\n";
+open (IN, "list") || die "read list: $!";
+my @list=<IN>;
+close IN;
+open (OUT,">list") || die "write list: $!";
+print OUT "[".time2str("%e %b %Y", time, "UTC")."] $advisory $subst{PACKAGE} - $subst{SHORTDESC}\n";
+print OUT "\t{$subst{CVE}}\n" if length $subst{CVE};
+print OUT "\t- $subst{PACKAGE} $subst{TESTINGVER} ($subst{URGENCY})\n";
+print OUT @list;
+close OUT;
+
+print "Editing $advisory ...\n";
+exec("sensible-editor", $advisory);
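
Review bot: In `getadvisory`, a number given on the command line (`$num=shift;`) goes unchecked into `"$prefix-$num"` and from there into the two-argument `open (OUT, ">$advisory")`. Validate it against something like `/^\d+-\d+$/` and use the three-argument form of open with a lexical filehandle. In the `UPGRADE_RECOMMENDATION` branch, the `while` loop also ends on empty input or EOF, which leaves an unrecognised `URGENCY` and an undefined recommendation in the advisory text; the `TYPE` and `DEBIAN_SPECIFIC` answers are likewise never checked against `%substchoices`. Finally, `list` is truncated and rewritten in place before the editor runs, so an interrupted or abandoned run leaves a damaged or stale list; write `list.new` and rename it, as the Makefiles do.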


Property changes on: data/DTSA/mkadvisory
___________________________________________________________________
Name: svn:executable
   + *

Added: data/DTSA/template
===================================================================
--- data/DTSA/template	2005-08-26 18:51:21 UTC (rev 1659)
+++ data/DTSA/template	2005-08-26 20:24:15 UTC (rev 1660)
@@ -0,0 +1,44 @@
+------------------------------------------------------------------------------
+Debian Testing Security Advisory __ADVISORYX__http://secure-testing.debian.net
+secure-testing-team at lists.alioth.debian.org  __XXXXXXXXXXXXXXXXXXXXXXXWHOAMI__
+__DATE__
+------------------------------------------------------------------------------
+
+Package        : __PACKAGE__
+Vulnerability  : __SHORTDESC__
+Problem-Type   : __TYPE__
+Debian-specific: __DEBIAN_SPECIFIC__
+CVE ID         : __CVE__
+
+__DESCRIPTION__
+
+For the testing distribution (etch) this is fixed in version
+__TESTINGVER__.
+
+For the unstable distribution (sid) this is fixed in version
+__UNSTABLEVER__.
+
+This upgrade is __UPGRADE_RECOMMENDATION__ if you use __PACKAGE__.
+
+The Debian testing security team does not track security issues for the
+stable distribution (woody). If stable is vulnerable, the Debian security
+team will make an announcement once a fix is ready.
+
+Upgrade Instructions
+--------------------
+
+To use the Debian testing security archive, add the following lines to
+your /etc/apt/sources.list:
+
+  deb http://secure-testing.debian.net/debian-security-updates etch-proposed-updates/security-updates main contrib non-free
+  deb-src http://secure-testing.debian.net/debian-security-updates etch-proposed-updates/security-updates main contrib non-free
+
+The archive signing key can be downloaded from
+http://secure-testing.debian.net/ziyi-2005-7.asc
+
+To install the update, run this command as root:
+
+  apt-get update && apt-get install __PACKAGE__
+
+For further information about the Debian testing security team, please refer
+to http://secure-testing.debian.net/
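
Review bot: The `sources.list` lines in the upgrade instructions use `etch-proposed-updates/security-updates`, but doc/announce.2 and website/index.html give users `etch/security-updates` and describe etch-proposed-updates as the suite that uploads are moved out of once an advisory is ready. Every generated advisory, including the committed DTSA-1-1, inherits this. Point the template at `etch/security-updates` unless users are really meant to track proposed-updates.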

Modified: data/checklist
===================================================================
--- data/checklist	2005-08-26 18:51:21 UTC (rev 1659)
+++ data/checklist	2005-08-26 20:24:15 UTC (rev 1660)
@@ -82,9 +82,9 @@
 		print STDERR "line: $_" if $debug;
 		chomp;
 		if (/^\[/) {
-			($id)=m/((?:DSA|CAN|CVE)-[^\s]+) /;
+			($id)=m/((?:DSA|DTSA|CAN|CVE)-[^\s]+) /;
 		}
-		elsif (/^((?:DSA|CAN|CVE)-[^\s]+)/) {
+		elsif (/^((?:DSA|DTSA|CAN|CVE)-[^\s]+)/) {
 			$id=$1;
 		}
 		elsif (/^\s+[!-]\s+(\S+)\s+(.*?)\s*$/) {

Modified: data/updatelist
===================================================================
--- data/updatelist	2005-08-26 18:51:21 UTC (rev 1659)
+++ data/updatelist	2005-08-26 20:24:15 UTC (rev 1660)
@@ -1,30 +1,37 @@
 #!/usr/bin/perl
 my $full_can_html=shift;
 my $dsa_list=shift;
+my $dtsa_list=shift;
 my $our_list=shift;
 
 my %cans;
 
-open (DSA, "<$dsa_list") || die "$dsa_list: $!\n";
-my $dsa;
-while (<DSA>) {
-	if (/^\[/) {
-		($dsa)=m/(DSA-.*?) /;
-	}
-	if (/\{(CAN|CVE)/) {
-		my ($canlist)=m/\{(.*)\}/;
-		foreach my $can (split ' ', $canlist) {
-			$can=~s/CVE-/CAN-/g;
-			next unless $can=~/^CAN-\d+/;
-			$cans{$can}{can}=$can;
-			push @{$cans{$can}{dsa}}, $dsa;
-			$can=~s/CAN-/CVE-/g;
-			$cans{$can}{can}=$can;
-			push @{$cans{$can}{dsa}}, $dsa;
+sub read_dsa {
+	my $list=shift;
+	
+	open (DSA, "<$list") || die "$list: $!\n";
+	my $dsa;
+	while (<DSA>) {
+		if (/^\[/) {
+			($dsa)=m/(DT?SA-.*?) /;
 		}
+		if (/\{(CAN|CVE)/) {
+			my ($canlist)=m/\{(.*)\}/;
+			foreach my $can (split ' ', $canlist) {
+				$can=~s/CVE-/CAN-/g;
+				next unless $can=~/^CAN-\d+/;
+				$cans{$can}{can}=$can;
+				push @{$cans{$can}{dsa}}, $dsa;
+				$can=~s/CAN-/CVE-/g;
+				$cans{$can}{can}=$can;
+				push @{$cans{$can}{dsa}}, $dsa;
+			}
+		}
 	}
+	close DSA;
 }
-close DSA;
+read_dsa($dsa_list);
+read_dsa($dtsa_list);
 
 my %listedcans;
 
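
Review bot: `my $dtsa_list=shift;` is inserted in the middle of the positional arguments, so a caller still using the old three-argument form will have its own list read as the DTSA list and `$our_list` left undefined. Both Makefiles are updated in this commit, but the script should check the argument count up front and die with a usage message. Inside `read_dsa`, `$dsa` stays undefined if a `{CAN...}` line appears before any `[` header line, and `push @{$cans{$can}{dsa}}, $dsa` then records an undef; skipping such a line with a warning is safer for a hand-edited list.
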
@@ -102,10 +109,10 @@
 	elsif (/^\s+NOTE:\s*(reserved|rejected)\s*$/) {
 		# skip it
 	}
-	elsif (/^\s+NOTE: covered by DSA.*/) {
+	elsif (/^\s+NOTE: covered by DT?SA.*/) {
 		# skip it (old form)
 	}
-	elsif (/^\s+{DSA.*/) {
+	elsif (/^\s+{DT?SA.*/) {
 		# skip
 	}
 	elsif (/^\s+(.*)/ && $can) {
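
Review bot: In `/^\s+{DT?SA.*/` the opening brace is unescaped, while `read_dsa` in the same file writes `\{`; use `\{` here too so the brace cannot be read as the start of a quantifier. The trailing `.*` in both changed patterns adds nothing to the match and can be dropped.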

Modified: doc/announce.2
===================================================================
--- doc/announce.2	2005-08-26 18:51:21 UTC (rev 1659)
+++ doc/announce.2	2005-08-26 20:24:15 UTC (rev 1660)
@@ -3,10 +3,18 @@
 
 Subject: announcing the beginning of security support for testing
 
+-----------------------------------------------------------------------------
+Debian Testing Security Team                 http://secure-testing.debian.net
+Security support for testing      secure-testing-team at lists.alioth.debian.org
+August 26th, 2005
+-----------------------------------------------------------------------------
+
+Security support for testing
+
 The Debian testing security team is pleased to announce the beginning of
 full security support for Debian's testing distribution. We have spent the
 past year building the team, tracking and fixing security holes, and
-creating our infrastructure, and now the final piece is in place, and 
+creating our infrastructure, and now the final pieces are in place, and 
 we are able to offer security updates and advisories for testing.
 
 We invite Debian users who are currently running testing, or who would like
@@ -19,21 +27,60 @@
 available:
 
 deb http://secure-testing.debian.net/debian-security-updates etch/security-updates main contrib non-free
+deb-src http://secure-testing.debian.net/debian-security-updates etch/security-updates main contrib non-free
 
-Note that some initial advisories have already been posted to the list
-and are already available in the repository. These include:
+Some initial advisories have already been posted to the list and are already
+available in the repository. These include:
 
 DTSA-1-1 kismet -
 XXXXXX complete
 
 Note that this announcement does not mean that testing is free of security
 issues. Several security issues are present in unstable, and an even larger
-quantity are present in testing. Our beginning of security support only
-means that we are now able to begin making security fixes available for
-testing nearly as quickly as for unstable. The testing security team makes
-statistics about what security holes are still open available on our
-website, and users should use this information to make their own decision
-about whether testing is secure enough for production use.
+number are present in testing. Our beginning of security support only means
+that we are now able to begin making security fixes available for testing
+nearly as quickly as for unstable. The testing security team's website has
+information about what security holes are still open, and users should use
+this information to make their own decision about whether testing is secure
+enough for production use.
 
 For more information about the testing security team, see our web site.
 <http://secure-testing.alioth.debian.org/>.
+
+----------------------------------------------------------------------------
+
+The archive signing key that is used to sign the apt repository is
+included below and can also be downloaded from
+http://secure-testing.debian.net/ziyi-2005-7.asc
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.1 (GNU/Linux)
+
+mQGiBEMM7wgRBACs/rcYtu++PqBV5t6qTf9FsjJYZV4OUoQmtK849PdHUoVONh/b
+yz0vmP4QPCJXraFYiiiaur8WLcOphwY3DFaz0quozxl3pZfJjN27qDdTTDUKk1Kq
+zFQYTsDaXjSh0nRGW3gFmbyIqTL8sVGOAAz2KbrtLEQE11qYZjzvylEf4wCgv6ss
+HgQ7AcSBjpvm72e9PvSuDhMD/1kV0Snq9ilvCv7QLHBo/JnNgiCwxh5nEnPWHYjo
+SB0I99nuFMAzooAXTQhU3Hx1/sdZ3SMk1hWwZCPI0iNqESH2a3ib0YZt0DycWa3Y
+KxXIJet92u3ApSMVbp6OzzL7REoNCAgg6F/lrl+lVtnHbKiKBMZlKMsp+kQLSXqr
+Ki0pA/wIkkp7mJ7IiVS0fy9gueuiLqJKR6+i092J0RXsQesQX4OTC2DY3IICB22Q
+HfE8WNVZ2iPuWK0ymg6GqAHplp7bfVZMzfMSTMc+hj9WnmEVRRjLH66tsq1XHGEQ
+qg/mbkmeXwUwxAT1WGClcRWJqODmWE7KhkjKwGklYgzBoxwqkLRDc2VjdXJlLXRl
+c3RpbmcgQXJjaGl2ZSBLZXkgMjAwNS03IDxrYXRpZUBzZWN1cmUtdGVzdGluZy5k
+ZWJpYW4ubmV0PohkBBMRAgAkBQJDDO8IAhsDBQkElVcABgsJCAcDAgMVAgMDFgIB
+Ah4BAheAAAoJEJRqpuGHIucecvgAoK3nnF0yEwpNeQASyerh4wxRblZzAJ9h8rEF
+YldbZt/zYA53k2/y2m+s7LkCDQRDDO8gEAgAm1Y/a//sVe6fEANvLc5M5pEsoRkP
+LNKcH1O/og2mID8/gBV99LRfRnjcV8xhF5cWIlb4Es3KvQxmvxo6zGEfsMJWoezq
+H+2agIra78dfb0B1AyHuvwSRMc9sVy+3CuegM8bD3ss+4ta3rNLChpVrE8DxJZum
+ecqkNSQVOkqeAOl2JIQ/xBkLg1hjQA8bXW5AiUu4/XAQAe04w7YNfdsApeCfpKEW
+Atg54CD9uRbfSwnd2uYHYcosmBMhryNrHy27RkyS0BFWaL/1gfBqua7VujcnCm6S
+nbhB4t3vk/AnEsPJixtW/tOC3a3BaPqGsTq848e/PzmWY/8y9mvXwbxq5wADBQgA
+gNtB3u8TCN2Z4wkKrg19LohivQzJCXFfRi2ZydOe9E3SbSi6ggthjvGhHv2lTHEu
+e/4wBOta3a9pUpVdMgRFL1UuJy3nPd1yPC0dOegJj+lMkeMGcdKolJUMdoA+ieZ2
+lwkrT1b5GdFBSRn8hsuRtZi69QtzoHzDR5lg9ynwTJ+mLlO8r83HmdxbXsnmGlxy
+ZWRoqiSIl7mRLHp2tuFw9chgJ1nqwewTmCj85Aj/YsbGmqOJcnp98Jk0GDiP/le4
+rktZAqG2blwVpC2DLLiQSqcYS5jjq/iiGnYEIVG+nPa/29OuoX40zwKqBcy5I8rJ
+ZIq2hzbazsyg2Sd3vhmZuohPBBgRAgAPBQJDDO8gAhsMBQkElVcAAAoJEJRqpuGH
+IuceRqUAn3Q8msRUTsp882QINWyy5fqTehb5AJ9+kz3xq+7ooAwkdgpNOiz7ogxp
+Qg==
+=KBNL
+-----END PGP PUBLIC KEY BLOCK-----
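
Review bot: The advisory list in this hunk still reads `DTSA-1-1 kismet -` followed by the placeholder `XXXXXX complete`; fill in the description (data/DTSA/list has `remote code execution`) before this goes out. The closing link also points to secure-testing.alioth.debian.org while the new header block uses secure-testing.debian.net; pick one.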

Modified: website/index.html
===================================================================
--- website/index.html	2005-08-26 18:51:21 UTC (rev 1659)
+++ website/index.html	2005-08-26 20:24:15 UTC (rev 1660)
@@ -42,7 +42,9 @@
 	repository:
 	<pre>
 	deb http://secure-testing.debian.net/debian-security-updates etch/security-updates main contrib non-free
+	deb-src http://secure-testing.debian.net/debian-security-updates etch/security-updates main contrib non-free
 	</pre>
+	The archive signing key used for this repository is <a href="ziyi-2005-7.asc">here</a>.
 	</p>
 	
 	<h1>Data sources</h1>
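
Review bot: The new link `<a href="ziyi-2005-7.asc">` is relative to the website directory, but no such file appears in this commit's Added list. Confirm the key file is already published at that path, otherwise the page ships with a dead link to the one thing users need to verify the archive.
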
@@ -108,17 +110,18 @@
 		including builds for all other architectures:
 		<pre>
 		deb http://secure-testing.debian.net/debian-security-updates etch-proposed-updates/security-updates main contrib non-free
+		deb-src http://secure-testing.debian.net/debian-security-updates etch-proposed-updates/security-updates main contrib non-free
 		</pre>
 		Build logs can be found
 		<a href="http://experimental.debian.net/">here</a>.
 		</li>
 		<li>
 		Once everything is ready, contact a team member to create a DSTA annoucement
-		(procedure pending), contact a secure-testing-master admin
+		(using data/DTSA/mkadvisory), contact a secure-testing-master admin
 		to move the upload from etch-proposed-updates to
 		etch (using something like this, but the procedure is still being worked out:
 		madison -s etch-proposed-updates -f heidi -S $package | sudo -u katie heidi -a etch)
-		and send the DSTA to secure-testing-announce.
+		and send the signed DSTA to secure-testing-announce.
 		</li>
 	</ol>
 	</p>
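
Review bot: The added line `and send the signed DSTA to secure-testing-announce.` spells the advisory name `DSTA`, as does the unchanged `create a DSTA annoucement` above it, while the rest of this commit uses `DTSA`. Fix both while touching this list item, along with `annoucement`.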



