From 952201519ea7bd432f81a11cdfa5960f5c623139 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sun, 31 Mar 2024 23:02:21 +0200 Subject: Revert "tracker_service: make unimportant issues non-red" This reverts commit 05e8e52378fe07d1e7e75613adfa8adf2fcd8c87. There seems to be a bug with that commit. In fact for instance CVE-2024-26652[1] will now show the unfixed versions marked as vulnerable (unimportant). The entry at the point of this writing was: CVE-2024-26652 (In the Linux kernel, the following vulnerability has been resolved: n ...) - linux [bookworm] - linux (Vulnerable code not present) [bullseye] - linux (Vulnerable code not present) [buster] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/ba18deddd6d502da71fd6b6143c53042271b82bd (6.8) Note that the entry is not classified unimprtant. Another example is CVE-2024-26327[2]. Here the entires up from bookworm to sid are shown with "vulnerable (unimportant)". This is incorrect as well as the issue is not unimportant as well. CVE-2024-26327 (An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in h ...) - qemu [bookworm] - qemu (Minor issue) [bullseye] - qemu (Vulnerable code introduced later) [buster] - qemu (Vulnerable code introduced later) NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/7c0fa8dff811b5648964630a1334c3bb97e1e1c6 (v7.0.0-rc0) NOTE: https://lore.kernel.org/all/20240214-reuse-v4-5-89ad093a07f4%40daynix.com/ For now revert this commit. [1]: https://security-tracker.debian.org/tracker/CVE-2024-26652 [2] https://security-tracker.debian.org/tracker/CVE-2024-26327 --- bin/tracker_service.py | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) (limited to 'bin') diff --git a/bin/tracker_service.py b/bin/tracker_service.py index 82c42fdc02..71c9f83c8a 100755 --- a/bin/tracker_service.py +++ b/bin/tracker_service.py 
@@ -439,14 +439,6 @@ data source.""")], page.append(make_table(gen_header())) - def is_unimportant(bug, package): - if bug.notes: - for note in bug.notes: - if note.package == package and str(note.urgency) == 'unimportant': - return True - - return False - if bug.notes: def gen_source(): @@ -461,12 +453,8 @@ data source.""")], self.make_source_package_ref(url, package), " (", self.make_pts_ref(url, package, 'PTS'), ")") if vulnerable == 1: - if is_unimportant(bug, old_pkg): - vuln = self.make_yellow('vulnerable (unimportant)') - version = self.make_yellow(version) - else: - vuln = self.make_red('vulnerable') - version = self.make_red(version) + vuln = self.make_red('vulnerable') + version = self.make_red(version) elif vulnerable == 2: vuln = self.make_purple('undetermined') version = self.make_purple(version) -- cgit v1.2.3
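Review bot: The restored `vulnerable == 1` branch in the second hunk has no comment saying why every vulnerable row is rendered red, so the reason for this revert lives only in the commit message and the same downgrade could be reintroduced later. The removed `is_unimportant` helper compared only `note.package` and `str(note.urgency)`, with no release or version check visible in the hunk. That may be how rows not classified as unimportant came to be labelled "vulnerable (unimportant)", but this cause is inferred from the removed lines and not confirmed by the page. I would add above the two restored lines `# Always red: a softer colour under-reports real issues; any future downgrade must match the note for this exact package and release.` The enclosing function starts and ends outside the hunk.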