author | Carles Pina i Estany <carles@pina.cat> | 2021-02-15 09:14:47 +0000 |
---|---|---|
committer | Sebastien Delafond <seb@debian.org> | 2021-02-15 09:14:47 +0000 |
commit | ee615967842797c7d9fe74f87d9e01ef05d838d7 (patch) | |
tree | fbcbaff89fcc62f99fca54bfa838248763bd178c /lib/python/debian_support.py | |
parent | cd86bbc50fdb1d83588e5cc04ecd25c494e901c0 (diff) |
Fix CVE10k problem for CVE with more than 4 numbers
It had no consequences in security-tracker: the
next-oldstable-point-update.txt file is empty and, as far as I can see,
the next-point-update.txt CVEs are not yet used via this code path.
Diffstat (limited to 'lib/python/debian_support.py')
-rw-r--r-- | lib/python/debian_support.py | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/lib/python/debian_support.py b/lib/python/debian_support.py
index 4c8cff5b38..59d68a8865 100644
--- a/lib/python/debian_support.py
+++ b/lib/python/debian_support.py
@@ -577,6 +577,46 @@ def getconfig():
 _config = json.load(open(findresource("data", "config.json")))
 return _config
+class PointUpdateParser:
+ @staticmethod
+ def parseNextPointUpdateStable():
+ """ Reads data/next-point-update.txt and returns a dictionary such as:
+
+ {'CVE-2014-10402': {'libdbi-perl': '1.642-1+deb10u2'},
+ 'CVE-2019-10203': {'pdns': '4.1.6-3+deb10u1'}
+ }
+ """
+ return PointUpdateParser._parsePointUpdateFile(
+ findresource("data", "next-point-update.txt")
+ )
+
+ @staticmethod
+ def parseNextOldstablePointUpdate():
+ """ Returns a dictionary with the same structure as
+ PointUpdateParser.parseNextPointUpdateStable() for the file
+ data/next-oldstable-point-update.txt
+ """
+ return PointUpdateParser._parsePointUpdateFile(
+ findresource("data", "next-oldstable-point-update.txt")
+ )
+
+ @staticmethod
+ def _parsePointUpdateFile(file_path):
+ CVE_RE = 'CVE-[0-9]{4}-[0-9X]{4,}'
+ result = {}
+
+ with open(file_path) as f:
+ for line in f:
+ res = re.match(CVE_RE, line)
+ if res:
+ cve = res.group(0)
+ result[cve] = {}
+ continue
+ elif line.startswith('\t['):
+ dist, _, pkg, ver = line.split()
+ result[cve][pkg] = ver
+ return result
+
 _releasecodename = None
 def releasecodename(dist):
 """Converts a release name to the code name. |
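Review bot: In `_parsePointUpdateFile`, a package line (`\t[`) is filed under whatever `cve` the last matching header set, so a header that `CVE_RE` does not match leaves the previous id in place and its fixed versions are recorded against the wrong CVE; a package line before any header raises NameError because `cve` is unbound. For data that describes which version fixes which CVE, a silent mis-attribution is worse than a parse failure, so I would clear `cve` on an unrecognised header and reject a package line that has no current entry. The four-way unpack of `line.split()` already raises ValueError on a line with extra or missing fields, so raising ValueError with the file name and the offending line keeps the failure mode and makes it diagnosable. `result[cve] = {}` also discards earlier packages if an id appears twice, which `setdefault` avoids, and the `continue` before `elif` is redundant.

```python
# … unchanged: CVE_RE and result setup …
cve = None  # no entry is open until a header line matches

with open(file_path) as f:
    for line in f:
        res = re.match(CVE_RE, line)
        if res:
            cve = res.group(0)
            result.setdefault(cve, {})
        elif line.startswith('\t['):
            fields = line.split()
            if cve is None or len(fields) != 4:
                raise ValueError("unexpected line in %s: %r" % (file_path, line))
            result[cve][fields[2]] = fields[3]
        elif line.strip() and not line[0].isspace():
            # unrecognised header: do not file its packages under the previous CVE
            cve = None
return result
```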