('<ignored>' precedence over '<undetermined>')
e.g. in lts-cve-triage.py, don't classify undermined 2017 jasperreports issues
specifically marked '<ignored>' in the 'undetermined' report section
(no more triage work needed in that case)
(alternate fix would be rewriting history and reclassify those as <end-of-life>)
MITRE recently did changes on the infrastructure to submit CVE entries
and slightly changed as well format of produced files.
Recent entries do not seem to contain anymore a strict \n\n\n separation
between the CVE description further from other notes attached to the
entry.
Slightly relax the regular expression but still try to catch correctly
the description only in the description() subroutine by still anchoring
to two \n\n, and two following \n\n to separate the description.
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
Update time mapping according to https://wiki.debian.org/LTS/ overview.
The script was added as workaround for a security-tracker problem which
was tracked as https://bugs.debian.org/919977 where the security-tracker
behind CDN returned stale data for the json export.
After some changes on the infrastructure done by DSA the problem seems to
have gone. As such we do not need two scripts for the same thing as the
alternative script really was only added as workaround to keep LTS folks
having a working CVE triage script.
MITRE changed the layout of the html pages for the CVE entries resulting
in long lines for the CVE descriptions not wrapped anymore directly
already in the fetched HTML.
Switch to use textwrap module to wrap the text in the description lines
and to be prefixed with a marker if the description is too long to be
held in one line.
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
This is not optimal at this point as it might truncate word in between
which in the old schema full words were left because MITRE did not
provide the description in one long line and the updatelist was just
adding the first line.
This still is enough as the tracker will add full description for the
webpage and the truncated description was just to keep a "short
description" in the CVE list file itself.
...for non-main packages. For those, emptying pkg_name is not enough,
we also need to set title to None.
As discussed in https://bugs.debian.org/859122 DLAs and DSAs will be
separated in different subpages. This needs adaption for the URL
referenced in the source fields of the security-tracker for DLAs.
v2: Correct URL to actually match the final location under
/lts/security. Cf. https://bugs.debian.org/859122#82
Thanks: Laura Arjona Reina, Holger Levsen and Antoine Beaupré
Previous implementation wouldn't detect updates to the file and only
looked at the claimed dates. This was an oversight: the goal was to
take into account normal edits to the claimed block as well, so that
users can "ping" the claim to extend their claim.
Previous wording seemed to indicate the user had to make a change by
hand, but the --unclaim parameter forcibly makes changes to the file
directly.
A little more verbose explanation will help in diagnosing why a
specific package was unclaimed. It also shows the exact diff that was
used for comparison and the requested delay.
Requested-by: Holger Levsen <holger@layer-acht.org>
scripts are available in BTS #908678
starting with the same string as the to be removed package.
Before this patch (spice was to be removed, spice-gtk got removed, too).
```
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 106dbb0477..a8e6526c01 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -99,12 +99,6 @@ qemu (Santiago)
--
samba (Holger Levsen)
--
-spice (Mike Gabriel)
- NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May)
---
-spice-gtk (Mike Gabriel)
- NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May)
---
suricata (Thorsten Alteholz)
--
symfony (Thorsten Alteholz)
```
With this patch (only spice gets removed, spice-gtk stays):
```
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 106dbb0477..c7a975a471 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -99,9 +99,6 @@ qemu (Santiago)
--
samba (Holger Levsen)
--
-spice (Mike Gabriel)
- NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May)
---
spice-gtk (Mike Gabriel)
NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May)
--
```
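Review bot: the lines kept at `spice-gtk (Mike Gabriel)` show that the prefix case is handled, but this sample output exercises one direction only. Showing the reverse run as well (removing `spice-gtk` while `spice` stays) would confirm that the package name is compared as an exact match both ways.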
packages starting with the same string as the to be removed package."
This reverts commit 774eb447f4302c83e57978af5a429b9cbe306ab3. Because the commit message was incomplete.
starting with the same string as the to be removed package.
Before this patch (spice was to be removed, spice-gtk got removed, too).
```
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 106dbb0477..a8e6526c01 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -99,12 +99,6 @@ qemu (Santiago)
--
samba (Holger Levsen)
--
-spice (Mike Gabriel)
- NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May)
---
-spice-gtk (Mike Gabriel)
- NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May)
---
suricata (Thorsten Alteholz)
--
symfony (Thorsten Alteholz)
```
With this patch (only spice gets removed, spice-gtk stays):
per person
to lack of co-ordination in the -needed.txt files.
In commit 49e287d2574ed385e31ce3d36cb3cb19f4c7785f "tracker_service:
send a Last-Modified header for /tracker/data/json" I made the
json_timestamp update conditional on whether the data had changed. That
meant that after a few minutes, we would consider the data to be always
stale, and recompute it every single time, as long as it didn't change.
To fix this, use separate timestamps for "when did we check last"
(json_timestamp) and "when did it change last" (json_last_modified).
These are python classes used by other scripts, but they are
not scripts themselves.
Get them from config.json instead. This also simplifies the
parse_* functions as there's just a generic one now.