bin/lts-alt-cve-triage.sh


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38

#!/bin/sh
# Requires:
# wget, html2text

WDB="https://deb.freexian.com/extended-lts/tracker/status/release/oldstable"
ENF="data/dla-needed.txt"
OPF=$(tempfile)

echo "Fetching tracker db from $WDB"
wget -O "$OPF" -q "$WDB"
html2text "$OPF" | grep "?$" | while read A B O ; do
    if echo $A | grep -q -E "^(CVE|TEMP)-" ; then
	CVE=$A
    else
	PACKAGE=$A
	CVE=$B
    fi

    # Sanitize package name for e.g. foo_(non-free)
    PACKAGE=${PACKAGE%%_*}

    if echo "$PACKAGE" | grep -q '^[-a-zA-Z0-9_][-a-zA-Z0-9_.]*$' ; then
	if [ -n "$CVE" ] ; then
	    if grep -q "^$PACKAGE[[:space:]](" $ENF ; then
		echo "Supported $PACKAGE $CVE (Claimed)"
	    elif grep -q "^$PACKAGE$" $ENF ; then
		echo "Supported $PACKAGE $CVE (Not claimed)"
	    else
		echo "Supported $PACKAGE $CVE (Triage needed)"
	    fi
	else
	    echo "Empty CVE for $PACKAGE"
	fi
    else
	echo "Unknown characters in package name $PACKAGE."
    fi
done
rm -f "$OPF"