| Field | Value | Date |
|---|---|---|
| author | Florian Weimer <fw@deneb.enyo.de> | 2010-05-09 19:39:57 +0000 |
| committer | Florian Weimer <fw@deneb.enyo.de> | 2010-05-09 19:39:57 +0000 |
| commit | 07ff2f823d82c308a4cf7132a647fd30f5aae916 | |
| tree | 6f6f775e7f55b0109c82b23fa225c6b535f1a911 /doc/python-format.txt | |
| parent | 81932e3021aa12761f1b23d6b17196a83f8d1d4f | |
sectracker.analyzers.vulnerabilities(): extract fixed package information
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@14659 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'doc/python-format.txt')
-rw-r--r-- | doc/python-format.txt | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/doc/python-format.txt b/doc/python-format.txt index b0f0a91613..a2d2edff90 100644 --- a/doc/python-format.txt +++ b/doc/python-format.txt @@ -111,19 +111,28 @@ These act just as flags; no additional data is present. # Derived vulnerability information -These are contained in a list of info objects: +sectracker.analyzers.vulnerabilities() computes fixed versions for +bug/package pairs. These are returned in a list of vulnerability +objects: -* info.bug: name of the bug (potentially auto-generated) +* vuln.bug: name of the bug (potentially auto-generated) -* info.package: name of the package +* vuln.package: name of the package -* info.fixed: fixed version in unstable (a string), or None (no fix +* vuln.fixed: fixed version in unstable (a string), or None (no fix available) or True (all versions fixed) -* info.fixed_other: a tuple, containing other fixed versions (which +* vuln.fixed_other: a tuple, containing other fixed versions (which are less than the unfixed unstable version, but nevertheless known not to be vulnerable) In itself, this data is not very illuminating, but comparision with other information sources can be used to detect vulnerable installed packages, generate bug and distribution overview pages etc. + +This computation is in a separate pass because packages are sometimes +propagated between releases/distributions in the Debian archive. The +returned data only contains plain versions, disregarding the source, +so further processing can correctly handle package propagation (in the +sense that if a bug was fixed in one place, all propagated copies are +also fixed). |
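Review bot: In the paragraph added at the end of the hunk, "disregarding the source" is ambiguous: it can be read as the source package rather than the release/distribution a version was found in, which is what the preceding sentence about propagation suggests. Spell it out, for example "disregarding the release or distribution they came from". Separately, the vuln.fixed bullet documents three different value types (a version string, None, or True), and the text says this data is meant to be compared with other sources to detect vulnerable installed packages. It would help to state that consumers must test for None and True explicitly before treating the value as a version, since a plain truthiness check cannot tell True from a version string. The vuln.fixed_other bullet should also say what the tuple elements are (presumably version strings, as for vuln.fixed). The unchanged context line still reads "comparision"; worth correcting while this section is being touched.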