From 07ff2f823d82c308a4cf7132a647fd30f5aae916 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Sun, 9 May 2010 19:39:57 +0000 Subject: sectracker.analyzers.vulnerabilities(): extract fixed package information git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@14659 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- doc/python-format.txt | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) (limited to 'doc/python-format.txt') diff --git a/doc/python-format.txt b/doc/python-format.txt index b0f0a91613..a2d2edff90 100644 --- a/doc/python-format.txt +++ b/doc/python-format.txt 
@@ -111,19 +111,28 @@ These act just as flags; no additional data is present. # Derived vulnerability information -These are contained in a list of info objects: +sectracker.analyzers.vulnerabilities() computes fixed versions for +bug/package pairs. These are returned in a list of vulnerability +objects: -* info.bug: name of the bug (potentially auto-generated) +* vuln.bug: name of the bug (potentially auto-generated) -* info.package: name of the package +* vuln.package: name of the package -* info.fixed: fixed version in unstable (a string), or None (no fix +* vuln.fixed: fixed version in unstable (a string), or None (no fix available) or True (all versions fixed) -* info.fixed_other: a tuple, containing other fixed versions (which +* vuln.fixed_other: a tuple, containing other fixed versions (which are less than the unfixed unstable version, but nevertheless known not to be vulnerable) In itself, this data is not very illuminating, but comparision with other information sources can be used to detect vulnerable installed packages, generate bug and distribution overview pages etc. + +This computation is in a separate pass because packages are sometimes +propagated between releases/distributions in the Debian archive. The +returned data only contains plain versions, disregarding the source, +so further processing can correctly handle package propagation (in the +sense that if a bug was fixed in one place, all propagated copies are +also fixed). -- cgit v1.2.3
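Review bot: The added closing paragraph says the returned data "only contains plain versions", but the vuln.fixed entry a few lines above it allows None (no fix available) and True (all versions fixed), neither of which is a version. Suggest rewording the paragraph to say that any versions in vuln.fixed and vuln.fixed_other are plain versions with no release/distribution attached, and stating in the vuln.fixed bullet that callers have to test for None and True before doing a version comparison; otherwise a consumer that compares an installed version directly against vuln.fixed can misclassify a package as fixed or vulnerable. Two smaller points in the same hunk: the new introductory sentence names sectracker.analyzers.vulnerabilities() but does not say what it takes as input or whether the list holds exactly one object per bug/package pair, which is worth a line each; and since the paragraph containing "comparision" is already in the touched region, the spelling could be corrected to "comparison" in this change.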