how to read security advisories

Joe j.harman at f5.com
Thu Feb 27 17:44:39 UTC 2014


For the patch level field, it would be informative to have a note indicating that the absence of a patch level field is itself information, rather than just an indication that the user is looking in the wrong place.  I think that's really the critical bit that I was missing.

For example:

...
4.3-RELEASE-p39 (7)
...
(7) The Corrected field indicates the date, time, time offset, and release that was corrected.  The -p suffix indicates a security branch patch level.  Builds which do not have the -p suffix in their release string do not have a patch level.
...




I think it would also be nice to have a link to a page describing the branching and/or build-naming strategy, but the above would've been plenty to have pointed me in the right direction.

Thanks,

-joe



On February 27, 2014 at 5:52:54 AM, Lowell Gilbert (freebsd-lists at be-well.ilk.org) wrote:

Joe <j.harman at f5.com> writes:  

> I'd like to point out that neither of these resources are of much help  
> for someone trying to figure out what the -p means, though.  

That makes sense. What would you suggest as additional text for the  
how-to-read-a-security-advisory chapter?  
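An added example, not part of the thread or of the FreeBSD documentation: one way to apply the rule proposed in note (7), treating a missing -p suffix as "no patch level" (0) instead of a parse failure, and comparing a running release string against an advisory's corrected release. The function names and the sample strings other than 4.3-RELEASE-p39 are constructed for illustration, and the comparison is assumed to be meaningful only within the same -RELEASE line.

```python
import re

# Release strings in the form quoted in the message, e.g. "4.3-RELEASE-p39".
# The -p<N> suffix is optional; its absence is itself information.
_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)-([A-Z][A-Z0-9]*)(?:-p(\d+))?$")


def parse_release(s):
    """Return (major, minor, branch, patch_level); raise ValueError if malformed.

    A string with no -p suffix has no patch level, reported here as 0.
    """
    m = _RELEASE_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised release string: {s!r}")
    major, minor, branch, patch = m.groups()
    return int(major), int(minor), branch, int(patch) if patch else 0


def includes_fix(running, corrected):
    """Compare a running release with an advisory's corrected release.

    Returns True or False when both name the same -RELEASE line, and None
    when they do not (assumption: other branches are not compared by
    patch level, so no answer is given for them).
    """
    r = parse_release(running)
    c = parse_release(corrected)
    if r[:3] != c[:3] or r[2] != "RELEASE":
        return None
    return r[3] >= c[3]


if __name__ == "__main__":
    corrected = "4.3-RELEASE-p39"  # value quoted in the message above
    # Constructed sample inputs
    for running in ("4.3-RELEASE", "4.3-RELEASE-p38", "4.3-RELEASE-p39",
                    "4.3-RELEASE-p40", "4.4-RELEASE", "4.3-STABLE"):
        print(f"{running:18} -> {includes_fix(running, corrected)}")
```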

