author | Emilio Pozuelo Monfort <pochu@debian.org> | 2023-03-20 15:46:37 +0100 |
---|---|---|
committer | Emilio Pozuelo Monfort <pochu@debian.org> | 2023-03-20 17:00:21 +0100 |
commit | 7838c85c6f748fd9bc92a01dcd1d81ab36c2f991 (patch) | |
tree | 70b3b5e14581579dea790ba50077b960b8d49a77 /bin | |
parent | fe8e9be4aaa30ce6619344b03b772d0921f28f3b (diff) |
merge-cve-files: fix crash when there's an experimental tag
If CVE/list has a CVE such as:
CVE-2023-1234
[experimental] - foo 1.0-1
- foo 1.0-2
And we attempt to fix an annotation such as
CVE-2023-1234
[bullseye] - foo 0.1-1+deb11u1
that will crash when we are iterating over the experimental annotation
as next_annotation would be the sid one with release==None, and we would
be comparing internRelease(bullseye) with internRelease(None), which
is not supported.
This is happening with the current data/next-point-update.txt
Diffstat (limited to 'bin')
-rwxr-xr-x | bin/merge-cve-files | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/bin/merge-cve-files b/bin/merge-cve-files index 36dee7acd5..b5382aa6fb 100755 --- a/bin/merge-cve-files +++ b/bin/merge-cve-files @@ -87,6 +87,13 @@ def merge_annotations(annotations, new_annotation): annotations[idx] = new_annotation break + # if we found an experimental annotation, it will be followed by a 'sid' + # one, so next_annotation.release will be None in the next case. That + # comparison will break, so we avoid it by continuing. If new_annotation + # was for experimental, we would have already replaced it in the above check. + if annotation.release == 'experimental': + continue + # if the next annotation's release is the same, we continue to replace # it in the next iteration. otherwise if we found the right place, we # insert the new annotation |
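Review bot: The added guard `if annotation.release == 'experimental': continue` in `merge_annotations` tests the current annotation, while the failure described is `next_annotation.release` being None at the release comparison. It depends on the assumption stated in the added comment that an experimental annotation is always followed by a sid one. If that comparison can be reached from any other annotation whose successor has release None, a check on `next_annotation.release` at the comparison itself would cover those cases as well. The `continue` also bypasses the insertion step described in the unchanged comment that follows it, so please confirm the new annotation is still inserted when the experimental entry is the last annotation for the package. A regression test built from the CVE/list case in the commit message would pin the behaviour down.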