[Git][security-tracker-team/security-tracker][master] 3 commits: doc: Minor changes (typos and markdown formatting)
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Feb 2 21:20:34 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9de13b75 by Arnaud Rebillout at 2026-02-02T10:32:25+07:00
doc: Minor changes (typos and markdown formatting)
- - - - -
65c23fb7 by Arnaud Rebillout at 2026-02-02T10:32:43+07:00
doc: Add NVD to glossary
- - - - -
593bcb57 by Salvatore Bonaccorso at 2026-02-02T22:20:32+01:00
Merge branch 'doc-typos-and-format' into 'master'
Doc typos and format
See merge request security-tracker-team/security-tracker!261
- - - - -
2 changed files:
- doc/security-team.d.o/glossary
- doc/security-team.d.o/security_tracker
Changes:
=====================================
doc/security-team.d.o/glossary
=====================================
@@ -21,5 +21,8 @@
<a id="nfu">NFU</a>
: Not For Us. This designation is placed on a CVE that does not directly affect Debian. [More info on NFU](https://security-team.debian.org/security_tracker.html#issues-not-for-us-nfu)
+<a id="nvd">NVD</a>
+: National Vulnerability Database, US government CVE repository. [Website](https://nvd.nist.gov/)
+
<a id="oss-sec">oss-security</a>
: *Open Source Software Security*. Community for open source software security research, best known for its equally named mailing list. [Website](http://oss-security.openwall.org/)
=====================================
doc/security-team.d.o/security_tracker
=====================================
@@ -45,13 +45,13 @@ be used, which will filter out all blobs (file contents) until needed by
Git.
This will check out the working repository (given that you already have
-an [Salsa
+a [Salsa
account](https://wiki.debian.org/Salsa/Doc#Users:_Login_and_Registration).
After successful downloading, you will have a new directory called
`security-tracker`. Inside this directory are a number of
subdirectories. The `data` directory is where we do most of our work.
-After the initial clone please run
+After the initial clone please run:
bin/setup-repo
@@ -205,7 +205,7 @@ A special exception is made for kernel related issues. The kernel-sec group
will take care of them. It is not necessary to file bugs in the BTS for kernel
security issues, it only causes overhead.
-If you want to report a bug, bin/report-vuln might be helpful in creating
+If you want to report a bug, `bin/report-vuln` might be helpful in creating
the bug report.
If a vulnerability does not affect Debian, e.g., because the vulnerable
@@ -252,7 +252,7 @@ you're also fixing the issue in the process, which is of course the
ideal way to help/contribute).
### Packages in Experimental only
-There are some packages that only exists in experimental. In that
+There are some packages that only exist in experimental. In that
case, place the distribution tag `experimental`. For example:
CVE-2013-1067 (Apport 2.12.5 and earlier uses weak permissions for core dump files ...)
@@ -269,7 +269,7 @@ is appreciated though. For example:
### Issues in ITP and/or RFP packages
If an issue is discovered in a package that has an RFP or ITP already filed,
-then that is also noted in order to track the problem, and made sure it is
+then that is also noted in order to track the problem, and make sure it is
resolved before the package enters the archive. These issues are marked with
the `<itp>` tag. Note this includes both ITPs and RFPs since (from a security
tracking standpoint) there is no advantage in tracking them in separate ways.
@@ -327,7 +327,7 @@ checks after a new release.
### end-of-life packages
-In rare cases (i.e., webbrowsers) security support for packages
+In rare cases (i.e., web browsers) security support for packages
needs to be stopped before the end of the regular security maintenance
life cycle.
@@ -374,7 +374,7 @@ descriptive so that it is clear what remains to be done. For example:
If you are not sure about some decision (e.g., which package is affected) or
triaging (e.g., bug severity) you can leave a TODO note for reviewing,
-explaining which aspect have to be reviewed. For example:
+explaining which aspect has to be reviewed. For example:
CVE-2013-7295 (Tor before 0.2.4.20, when OpenSSL 1.x is used in ...)
- tor 0.2.4.20-1 (low)
@@ -603,7 +603,7 @@ used for descriptive comments.
Syntax of mysa-needed.txt files
-------------------------------
-The mysa-needed.txt files (such as dsa-needed.txt) contain a list of packages
+The `mysa-needed.txt` files (such as `dsa-needed.txt`) contain a list of packages
that need to be updated. Lines containing two dashes (`--`) are used as
separators. Anything before the first separator are comments. After that, the
first line in each section should contain the package name, possibly followed
@@ -796,7 +796,7 @@ Setting up an extended instance
-------------------------------
The security tracker supports extra sources of data, which can be used
-to override or extend the information in CVE/list, and to support your
+to override or extend the information in `CVE/list`, and to support your
own announce lists. To do that, add a CVEExtendFile source to
`data/config.json`. Entries in that file can add information to an
existing CVE, e.g. to mark it as fixed or ignored, or to mark it as
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9b87f75c70c200189ee374ba764a9abef951b85b...593bcb57608bb8a3a8624bdee373577927a50206
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9b87f75c70c200189ee374ba764a9abef951b85b...593bcb57608bb8a3a8624bdee373577927a50206
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260202/0ff602be/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list