NetBSD Problem Report #47015

From www@NetBSD.org  Fri Sep 28 15:39:31 2012
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	by www.NetBSD.org (Postfix) with ESMTP id ACE8C63E482
	for <gnats-bugs@gnats.NetBSD.org>; Fri, 28 Sep 2012 15:39:31 +0000 (UTC)
Message-Id: <20120928153929.CF92163E443@www.NetBSD.org>
Date: Fri, 28 Sep 2012 15:39:29 +0000 (UTC)
From: joseph.sheridan@reactionis.co.uk
Reply-To: joseph.sheridan@reactionis.co.uk
To: gnats-bugs@NetBSD.org
Subject: GIMP README link Secunia problem
X-Send-Pr-Version: www-1.0

>Number:         47015
>Category:       misc
>Synopsis:       GIMP README link Secunia problem
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    misc-bug-people
>State:          closed
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Fri Sep 28 15:40:00 +0000 2012
>Closed-Date:    Tue Feb 28 23:09:55 +0000 2017
>Last-Modified:  Tue Feb 28 23:09:55 +0000 2017
>Originator:     joseph sheridan
>Release:        -
>Organization:
Reaction Information Security
>Environment:
-
>Description:
Hi,

I have just noticed that a link on a README page (http://ftp.netbsd.org/pub/pkgsrc/current/pkgsrc/graphics/gimp/README.html) to a vulnerability I identified in GIMP 2.6 does not link back to my site (or CVE, which does link to my site). Instead it links to Secunia - http://secunia.com/advisories/49314/ and passes on a good amount of Google Page Rank to them (missing out my site entirely).

The trouble is that Secunia never links back to the original author's advisory with an HTML link (they give only a plaintext link) and this removes all the benefit in terms of page rank, domain authority and search engine rankings. I believe this practice fundamentally breaks the principles of the internet and the ideals of the open source movement. My original advisory is at http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html.

I am requesting that the README file is updated to point to my site (or CVE mitre) and for you to question Secunia as to why they don't pass on HTML links to the original authors (rhetorical - they want to keep all the page rank to themselves). I would also suggest that you should stop linking to Secunia if they refuse to link to others.

I have also requested that Secunia change their linking model and am waiting for a reply.

Best regards,

Joseph Sheridan

Joseph Sheridan
Director
CHECK Team Leader, CREST Infrastructure, CREST Application, CISSP
Tel: 07812052515
Web: www.reactionis.co.uk 
Email: joe@reactionis.co.uk





>How-To-Repeat:

>Fix:

>Release-Note:

>Audit-Trail:

State-Changed-From-To: open->closed
State-Changed-By: snj@NetBSD.org
State-Changed-When: Tue, 28 Feb 2017 23:09:55 +0000
State-Changed-Why:
I modified our vulnerability database to refer to the CVE instead:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2763

It will take a while for this change to show up in gimp/README.html,
but it'll be there soon.


>Unformatted:
