NetBSD Problem Report #47015
From www@NetBSD.org Fri Sep 28 15:39:31 2012
Received: from mail.netbsd.org (mail.netbsd.org [22.214.171.124])
by www.NetBSD.org (Postfix) with ESMTP id ACE8C63E482
for <gnats-bugs@gnats.NetBSD.org>; Fri, 28 Sep 2012 15:39:31 +0000 (UTC)
Date: Fri, 28 Sep 2012 15:39:29 +0000 (UTC)
Subject: GIMP README link Secunia problem
>Synopsis: GIMP README link Secunia problem
>Arrival-Date: Fri Sep 28 15:40:00 +0000 2012
>Closed-Date: Tue Feb 28 23:09:55 +0000 2017
>Last-Modified: Tue Feb 28 23:09:55 +0000 2017
>Originator: joseph sheridan
Reaction Information Security
I have just noticed that a link on a README page (http://ftp.netbsd.org/pub/pkgsrc/current/pkgsrc/graphics/gimp/README.html) to a vulnerability I identified in GIMP 2.6 does not link back to my site (or CVE, which does link to my site). Instead it links to Secunia - http://secunia.com/advisories/49314/ and passes on a good amount of Google Page Rank to them (missing out my site entirely).
The trouble is that Secunia never links back to the original author's advisory with an HTML link (they give only a plaintext link) and this removes all the benefit in terms of page rank, domain authority and search engine rankings. I believe this practise fundamentally breaks the principles of the internet and the ideals of the open source movement. My original advisory is at http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html.
I am requesting that the README file is updated to point to my site (or CVE mitre) and for you to question Secunia as to why they don't pass on HTML links to the original authors (retorical - they want to keep all the page rank to themselves). I would also suggest that you should stop linking to Secunia if they refuse to link to others.
I have also requested that Secunia change their linking model and am waiting for a reply.
CHECK Team Leader, CREST Infrastructure, CREST Application, CISSP
State-Changed-When: Tue, 28 Feb 2017 23:09:55 +0000
I modified our vulnerability database to refer to the CVE instead:
It will take a while for this change to show up in gimp/README.html,
but it'll be there soon.
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2014
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.