Bug 86205

Summary: Advisories from Red Hat Japan is irresponsible.
Product: Red Hat Satellite 5 Reporter: Kazutoshi Morioka <morioka>
Component: DocumentationAssignee: Clay Murphy <cmurphy>
Status: CLOSED CURRENTRELEASE QA Contact: Red Hat Satellite QA List <satqe-list>
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: mhideo, rhn-bugs
Target Milestone: ---Keywords: Documentation, Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-04-24 01:32:55 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Kazutoshi Morioka 2003-03-17 08:36:32 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.8 (X11; Linux i686; U;) Gecko/20030212

Description of problem:
Security advisories from Red Hat Japan is translated into japanese.
But they contain full of misreadings and mistranslations.
Thus, they are totally irresponsible.

For example, recent sendmail's buffer overflow,
http://www.jp.redhat.com/support/errata/RHSA/RHSA-2003-073J.html
says, (sorry japanese charactores)
&#12300;&#24403;&#31038;&#12399;&#12289;&#27010;&#24565;&#30340;&#12395;&#23455;&#35388;&#12391;&#12365;&#12427;&#33030;&#24369;&#24615;&#12364;&#23384;&#22312;&#12377;&#12427;&#12364;&#12289;
&#23455;&#38555;&#12395;&#21839;&#38988;&#12392;&#12394;&#12427;&#12371;&#12392;&#12399;&#32771;&#12360;&#12425;&#12428;&#12394;&#12356;&#12392;&#12450;&#12489;&#12496;&#12452;&#12473;&#12434;&#21463;&#12369;&#12390;&#12356;&#12414;&#12377;&#12290;&#12301;
"We are advised that there is vulnerability can be theoretically proofed, but no
real threat is considerable (re-translated by me)"

No! I can't believe this.
I think that statement is mistranslated from RHSA-2003:073-06
"We are advised that a proof-of-concept exploit is known to exist,
but is not believed to be in the wild."

and
&#12300;Red Hat Linux 8.0&#12391;&#12399;&#12289;Sendmail
8.12.8&#12434;&#21454;&#37682;&#12375;&#12390;&#12362;&#12426;&#12289;&#12371;&#12398;&#33030;&#24369;&#24615;&#12395;&#12424;&#12427;&#21839;&#38988;&#12399;&#12354;&#12426;&#12414;&#12379;&#12435;&#12290;&#12301;
"Red Hat Linux 8.0 contains sendmail 8.12.8.
So, there is no problem with this vulnerability (re-translated by me)"

No, again! Red Hat 8.0 contains sendmail-8.12.5!
This statement is mistranslated from
"For Red Hat Linux 8.0 we have included Sendmail version 8.12.8
which is not vulnerable to these issues."

As we seen,
Red Hat Japan has PRE-SCHOOL-LEVEL english skill.
And no one can check this incorrect advisory in two weeks.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Wait for new security advisory.
2. Wait for japanese translation.
3. Read it.
    

Actual Results:  You got totally irresponsible informations.

Expected Results:  You got acceptably reliable informations.

Additional info:
Comment 1 Clay Murphy 2003-03-18 22:32:03 UTC 
Although this bug is out of my realm of expertise, I'm ushering it to
resolution. The advisory translators (at RH Japan) have been notified of the
errors and are working to correct them. They expect new translations posted
Wednesday, March 19th. I will update this bug as soon as I get confirmation from
them the fixes have been made.
Comment 2 Clay Murphy 2003-03-26 19:09:30 UTC 
Chun Ye of Red Hat - Japan says the advisory has been updated. The message reads:
Hello Clay,

  we have corrected one translation and updated our WEB on March 24,
sorry for the delay. (I out of office from March 23 to March 25.)

  please tell me if you any questions.

  Thanks.

å¶ãâ¬â¬Ã§Â´â(Chun Ye)

Please look and see if this resolves the issue.
Comment 3 Clay Murphy 2003-04-24 01:32:55 UTC 
Apparently this is good to go.