external-check: Handle vendor entries with additional vendor security prefix

Additionally to the vendored entries addressed in d8b81d2818b3
("external-check: Handle vendor prefixed entries") some entries might be
of the form "UBUNTU:Ubuntu security $CVE", and the external check update
will bail out as:

	[...]
	<td>UBUNTU:Ubuntu Security CVE-2020-11935</td>
	UBUNTU.list contains garbage (see above), aborting

Allow the expression to contain additionall an additional text beweend
the vendor prefix and the CVE. Maybe we should simply match anything
beween a opening HTML tag, the CVE and a closing tag, filtering out the
CVE as better solution.

The idea behind this change is to really poinpoint any vendor entry in
the respective source-$vendor.html list.

Link: https://lists.debian.org/debian-security-tracker/2023/04/msg00003.html
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>

1 files changed, 1 insertions, 1 deletions

diff --git a/check-external/update.sh b/check-external/update.sh
index 8ad1660d03..4025728e2c 100755
--- a/check-external/update.sh
+++ b/check-external/update.sh
@@ -58,7 +58,7 @@ check_list cve.list
 # or as specified at the individual html files or elsewhere on cve.mitre.org's website
 for vendor in SUSE DEBIAN GENTOO FEDORA REDHAT UBUNTU; do
     wget -N http://cve.mitre.org/data/refs/refmap/source-$vendor.html
-    sed -rn "/CVE-[12][0-9]{3}-/{s/^.+>($vendor:)?(CVE-[12][0-9]{3}-[0-9]{4,})<.+$/\2/;p}" source-$vendor.html |
+    sed -rn "/CVE-[12][0-9]{3}-/{s/^.+>($vendor:)?($vendor Security )?(CVE-[12][0-9]{3}-[0-9]{4,})<.+$/\3/i;p}" source-$vendor.html |
 	sort -u > $vendor.list
     check_list $vendor.list
 done