From 891dbf39b71fcbe0be2dd5c55268303c3f082cdf Mon Sep 17 00:00:00 2001 From: Emilio Pozuelo Monfort Date: Wed, 27 Nov 2019 14:34:15 +0100 Subject: security_db: don't hardcode releases in db queries --- lib/python/security_db.py | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/lib/python/security_db.py b/lib/python/security_db.py index b929320c6b..8ba681ab82 100644 --- a/lib/python/security_db.py +++ b/lib/python/security_db.py @@ -1780,13 +1780,16 @@ class DB: """A generator which returns tuples (RELEASE-LIST, VERSION), the available versions of the source package pkg.""" + releases = config.get_supported_releases() + values = [pkg] + releases + for (release, version) in cursor.execute( """SELECT release_name(release, subrelease, archive) AS release, version FROM source_packages WHERE name = ? - AND release IN ('jessie', 'stretch', 'buster', 'bullseye', 'sid') + AND release IN (""" + ",".join("?" * len(releases)) + """) GROUP BY release, version - ORDER BY release_to_number(release), subrelease_to_number(subrelease), version COLLATE version""", (pkg,)): + ORDER BY release_to_number(release), subrelease_to_number(subrelease), version COLLATE version""", values): yield release, version def getBinaryPackageVersions(self, cursor, pkg): @@ -1832,6 +1835,9 @@ class DB: RELEASE-LIST, VERSION, VULNERABLE-FLAG) of source packages which are related to the given bug.""" + releases = config.get_supported_releases() + values = [bug] + releases + for (package, releases, version, vulnerable) in cursor.execute( """SELECT package, string_list(release), version, vulnerable FROM (SELECT p.name AS package, 
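Review bot: The placeholder list for `release IN (...)` is sized from `config.get_supported_releases()` with no guard for an empty result, so the statement would become `release IN ()`; whether the database engine accepts that or raises is not visible here, and the same construction is repeated in the bug-related query in the later hunks. A guard such as `if not releases: return` before `cursor.execute` would make the generator end cleanly in both places. `[pkg] + releases` also assumes the call returns a list (a tuple would raise TypeError), so `values = [pkg] + list(releases)` is safer. A comment such as `# only "?" markers are concatenated into the SQL; release names are bound via values` would help keep a later edit from joining the names into the query text. The enclosing method starts above this hunk.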
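Review bot: The new local `releases` is rebound by the loop target in `for (package, releases, version, vulnerable) in cursor.execute(` a few lines below, so the same name means the supported-release list before the loop and the `string_list(release)` text inside it. It works only because the query string and `values` are evaluated before the first iteration; the `len(releases)` in the following hunk depends on that ordering. Renaming the list, e.g. `supported = config.get_supported_releases()`, `values = [bug] + supported` and `len(supported)` in the `IN (...)` line, removes the overlap. The method body begins above this hunk and continues into the next one.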
@@ -1839,10 +1845,10 @@ class DB: p.version AS version, s.vulnerable AS vulnerable FROM source_package_status AS s, source_packages AS p WHERE s.bug_name = ? AND p.rowid = s.package - AND release in ('jessie', 'stretch', 'buster', 'bullseye', 'sid')) + AND release in (""" + ",".join("?" * len(releases)) + """)) GROUP BY package, version, vulnerable ORDER BY package, releasepart_to_number(release), subreleasepart_to_number(release), version COLLATE version""", - (bug,)): + values): yield package, releases.split(', '), version, vulnerable def getBugsFromDebianBug(self, cursor, number): -- cgit v1.2.3