diff options
author | Florian Weimer <fw@deneb.enyo.de> | 2005-12-23 15:22:49 +0000 |
---|---|---|
committer | Florian Weimer <fw@deneb.enyo.de> | 2005-12-23 15:22:49 +0000 |
commit | 985185fb1d7baf5741b9fe3323bf1df25ca26f87 (patch) | |
tree | 7169984474e5949d73c5d75b6f8df707a795839f /lib | |
parent | 78566de88eb53fc78227c840d8d8fe28c82befc2 (diff) |
lib/python/security_db.py (DB.calculateDebsecan1):
Optimize vulnerability list. Further tweaks to urgency handling:
'unimportant' does not trump 'unknown'.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3132 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'lib')
-rw-r--r-- | lib/python/security_db.py | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/lib/python/security_db.py b/lib/python/security_db.py index 6db5872c67..869bfb8eab 100644 --- a/lib/python/security_db.py +++ b/lib/python/security_db.py @@ -1364,9 +1364,10 @@ class DB: WHERE cve_name = p.bug_name) FROM package_notes AS p, bugs AS b WHERE p.urgency <> 'unimportant' + AND COALESCE(p.fixed_version, '') <> '0' AND name NOT LIKE 'FAKE-0000000-%' - AND b.name = p.bug_name AND p.package_kind IN ('source', 'binary', 'unknown') + AND b.name = p.bug_name ORDER BY p.bug_name"""): if remote is None: remote = '?' @@ -1406,7 +1407,7 @@ class DB: ORDER BY package, bug_name""")): unstable_fixed = '0' - total_urgency = 'unknown' + total_urgency = '' other_versions = {} is_binary = False is_unknown = False @@ -1415,12 +1416,14 @@ class DB: """SELECT release, package_kind, urgency, fixed_version FROM package_notes WHERE bug_name = ? AND package = ?""", (bug, package))): - if total_urgency <> 'unknown': + if not total_urgency: + total_urgency = urgency + elif total_urgency <> 'unknown': if urgency <> 'unknown' \ and bugs.internUrgency(urgency) \ > bugs.internUrgency(total_urgency): total_urgency = urgency - else: + elif total_urgency <> 'unimportant': total_urgency = urgency if kind == 'binary': @@ -1464,6 +1467,9 @@ class DB: if debian_support.Version(v) > v_ref: other_versions[v] = True + if not total_urgency: + total_urgency = 'unknown' + # Check if the issue does not actually mark any packages # as vulnerable. if total_urgency == 'unimportant' \ |