sectracker.analyzers.vulnerabilities(): allow {} overrides

See thread "A new ambiguity" on the debian-security-tracker list:
<http://lists.debian.org/debian-security-tracker/2010/05/msg00011.html>


git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@14666 e39458fd-73e7-0310-bf30-c45bca0a0e42

1 files changed, 7 insertions, 3 deletions

diff --git a/lib/python/sectracker/analyzers.py b/lib/python/sectracker/analyzers.py
index 921c2fa085..814ae526da 100644
--- a/lib/python/sectracker/analyzers.py
+++ b/lib/python/sectracker/analyzers.py
@@ -109,21 +109,25 @@ def fixedversions(bugdb, copysrc, versions, diag):
 
     assert "sid" in versions # should come from extractversions()
 
-    def buildpackages1(bug):
+    def buildpackages1(bug, target=None):
         packages = {}
+        xref = () # current {} contents
         for ann in bug.annotations:
-            if ann.type == "package":
+            # only copy if target is listed in current {} list
+            if ann.type == "package" and (target is None or target in xref):
                 if ann.package not in packages:
                     packages[ann.package] = {}
                 pkg = packages[ann.package]
                 pkg[ann.release] = (bug, ann)
+            elif ann.type == "xref":
+                xref = ann.bugs
         return packages
 
     def buildpackages(bug):
         packages = buildpackages1(bug)
         if bug.header.name not in copysrc:
             return packages
-        copiers = [buildpackages1(bugdb[b])
+        copiers = [buildpackages1(bugdb[b], target=bug.header.name)
                    for b in copysrc[bug.header.name]]
         for c in copiers:
             for pname, creleases in c.items():