| Commit message | Author | Age | Files | Lines |
| |
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
| |
The first revision on the website doesn't have a postfix.
The second revision has a postfix of -2.
I was going to do something similar for DSA too, but found regression update
advisories are not available on the website for DSAs.
| |
This reverts commit 7177c0e348acbd70b76de7fc36116d02201bc9bf.
I accidentally pushed this to the wrong branch.
| |
The first revision on the website doesn't have a postfix.
The second revision has a postfix of -2.
I was going to do something similar for DSA too, but found regression update
advisories are not available on the website for DSAs.
| |
This reverts commit c878209005bc1bb46345eb3f5cb6357135841131.
This affects gen-* and carnil expressed it was unnecessary.
I'll try to find another way to remember to add a short package description in security announcements.
| |
Since the regular expression was tightened to fix a bug and not remove
e.g. spice and spice-gtk from a *-needed.list, removal of specific
entries of packages/stable or packages/oldstable got broken (which is
used by the Debian security team to mark entries which only need an
update in one of the supported suites).
Retain the desired fixed behaviour but try to allow to properly remove
package/{old,}stable entries again.
Fixes: b3070631dfbb ("bin/gen-DSA: Fix package removal from the needed_file. Don't remove packages starting with the same string as the to be removed package.")
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
| |
The novell.com address is historical and deprecated.
Requested-by: Alexandros Toptsoglou <atoptsoglou@suse.com>
Requested-in: <a3bc5c9f-d52d-a79d-e1da-6a6484cee9ea@suse.com>
| |
As the LTS team also sometimes works on packages with only <no-dsa>
issues open, it might be good to also inform package maintainers about
this.
This adds an ltsp-update-planned-minor.txt mail template plus a command
line option (--minor) that LTS front desk people can use if they choose
to add a package to dla-needed.txt with <no-dsa> issues only.
| |
is not a TTY
| |
Update references for backports suites for buster-backports,
stretch-backports and jessie-backports for status overview pages.
For testing migration candidates (which is helpful during freeze periods
to determine which fixes from unstable need to go to testing yet), make
bullseye the new testing distribution.
Updates lists of releases to sid, bullseye, buster, stretch and jessie.
| |
Shift mappings for oldstable to stretch, stable to buster and new testing
to bullseye.
Make LTS suite jessie oldoldstable distribution.
| |
Add release mapping for Debian 10 (buster) for EOL in all either
security team or LTS team supported suites.
There is no EOL (= LTS supported EOL) set yet for buster.
| |
Include in listing the oldstable distribution by enabling the boolean
value include_oldstable to true and enabling the including logic.
| |
('<ignored>' precedence over '<undetermined>')
e.g. in lts-cve-triage.py, don't classify undetermined 2017 jasperreports issues
specifically marked '<ignored>' in the 'undetermined' report section
(no more triage work needed in that case)
(alternate fix would be rewriting history and reclassify those as <end-of-life>)
| |
MITRE recently did changes on the infrastructure to submit CVE entries
and slightly changed as well format of produced files.
Recent entries do not seem to contain anymore a strict \n\n\n separation
between the CVE description further from other notes attached to the
entry.
Slightly relax the regular expression but still try to catch correctly
the description only in the description() subroutine by still anchoring
to two \n\n, and two following \n\n to separate the description.
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
| |
Update time mapping according to https://wiki.debian.org/LTS/ overview.
| |
The script was added as workaround for a security-tracker problem which
was tracked as https://bugs.debian.org/919977 where the security-tracker
behind CDN returned stale data for the json export.
After some changes on the infrastructure done by DSA the problem seems to
have gone. As such we do not need two scripts for the same thing as the
alternative script really was only added as workaround to keep LTS folks
having a working CVE triage script.
| | |
MITRE changed the layout of the html pages for the CVE entries resulting
in long lines for the CVE descriptions not wrapped anymore directly
already in the fetched HTML.
Switch to use texwrap module to wrap the text in the description lines
and to be prefixed with a marker if the description is too long to be
held in one line.
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
| |
This is not optimal at this point as it might truncate a word in between
which in the old schema full words were left because MITRE did not
provide the description in one long line and the updatelist was just
adding the first line.
This still is enough as the tracker will add full description for the
webpage and the truncated description was just to keep a "short
description" in the CVE list file itself.
| |
...for non-main packages. For those, emptying pkg_name is not enough,
we also need to set title to None.
| |
As discussed in https://bugs.debian.org/859122 DLAs and DSAs will be
separated in different subpages. This needs adaption for the URL
referenced in the source fields of the security-tracker for DLAs.
v2: Correct URL to actually match the final location under
/lts/security. Cf. https://bugs.debian.org/859122#82
Thanks: Laura Arjona Reina, Holger Levsen and Antoine Beaupré
| |
Previous implementation wouldn't detect updates to the file and only
looked at the claimed dates. This was an oversight: the goal was to
take into account normal edits to the claimed block as well, so that
users can "ping" the claim to extend their claim.
| |
Previous wording seemed to indicate the user had to make a change by
hand, but the --unclaim parameter forcibly makes changes to the file
directly.
| |
A little more verbose explanation will help in diagnosing why a
specific package was unclaimed. It also shows the exact diff that was
used for comparison and the requested delay.
Requested-by: Holger Levsen <holger@layer-acht.org>
| |
scripts are available in BTS #908678