author | Florian Weimer <fw@deneb.enyo.de> | 2005-12-22 10:19:06 +0000 |
---|---|---|
committer | Florian Weimer <fw@deneb.enyo.de> | 2005-12-22 10:19:06 +0000 |
commit | a78e98031dfc17c060c14b5b5e01636ec59e8c9b (patch) | |
tree | a97c9e19fa030a752032b60aa289212bb927ca7b /lib | |
parent | 23c296b3cddf85b1952035c752e80932cc19b0b2 (diff) |
lib/python/security_db.py (DB.calculateDebsecan):
Check that a fixed package is actually available in sid, and do not
trust the list files.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3122 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'lib')
-rw-r--r-- | lib/python/security_db.py | 64 |
1 files changed, 30 insertions, 34 deletions
diff --git a/lib/python/security_db.py b/lib/python/security_db.py index e55514aad5..3f1c5f85e3 100644 --- a/lib/python/security_db.py +++ b/lib/python/security_db.py @@ -1251,6 +1251,8 @@ class DB: c.execute("""INSERT OR REPLACE INTO vulnlist SELECT bug_name, package, id FROM package_notes WHERE release = ?""", (release,)) + else: + release = 'sid' c.execute("""DELETE FROM vulnlist WHERE name LIKE 'FAKE-0000000-%'""") 
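Review bot: The added `else: release = 'sid'` rebinds the `release` argument for the rest of calculateDebsecan, so any later statement that still tests `release` for emptiness to tell the generic list from a per-release one will now take the per-release path. This commit visibly removes only two such tests, and the rest of the method lies outside the hunk, so this needs checking against the full body. A separate local would keep the distinction explicit, e.g. `lookup_release = release or 'sid'`, used for the package query and for the `'release/' + ...` key.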
@@ -1286,38 +1288,34 @@ class DB: # release. fix_available = ' ' - if release: - fix_available = ' ' - if kind == 'source': - fix_available_sql = """SELECT st.vulnerable - FROM source_packages AS p, source_package_status AS st - WHERE p.name = ? - AND p.release = ? - AND p.subrelease IN ('', 'security') - AND st.bug_name = ? - AND st.package = p.rowid - ORDER BY p.version COLLATE version DESC""" - elif kind == 'binary': - fix_available_sql = """SELECT st.vulnerable - FROM binary_packages AS p, binary_package_status AS st - WHERE p.name = ? - AND p.release = ? - AND p.subrelease IN ('', 'security') - AND st.bug_name = ? - AND st.package = p.rowid - ORDER BY p.version COLLATE version DESC""" - else: - fix_available_sql = '' - - if fix_available_sql: - for (v,) in c.execute(fix_available_sql, - (package, release, name)): - assert v is not None - if not v: - fix_available = 'F' - break - elif fixed_version <> '': - fix_available = 'F' + if kind == 'source': + fix_available_sql = """SELECT st.vulnerable + FROM source_packages AS p, source_package_status AS st + WHERE p.name = ? + AND p.release = ? + AND p.subrelease IN ('', 'security') + AND st.bug_name = ? + AND st.package = p.rowid + ORDER BY p.version COLLATE version DESC""" + elif kind == 'binary': + fix_available_sql = """SELECT st.vulnerable + FROM binary_packages AS p, binary_package_status AS st + WHERE p.name = ? + AND p.release = ? + AND p.subrelease IN ('', 'security') + AND st.bug_name = ? + AND st.package = p.rowid + ORDER BY p.version COLLATE version DESC""" + else: + fix_available_sql = '' + + if fix_available_sql: + for (v,) in c.execute(fix_available_sql, + (package, release, name)): + assert v is not None + if not v: + fix_available = 'F' + break if kind == 'source': kind = 'S' 
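Review bot: `assert v is not None` inside the availability loop is the only guard against a NULL `vulnerable` status, and it disappears when Python runs with -O. A NULL would then pass `if not v` and mark the entry `F`, telling debsecan users a fix is installable when the status was never computed. An explicit check such as `if v is None: raise ValueError('no status for %s in %s' % (package, release))` keeps that failure visible. Separately, the loop stops at the first non-vulnerable row of any version, so `ORDER BY p.version COLLATE version DESC` does not affect the result; a short comment saying that any fixed version in the release or its security subrelease counts would make the intent clear. The enclosing method starts and ends outside this hunk.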
@@ -1340,8 +1338,6 @@ class DB: package, fixed_version, description)) result = base64.encodestring(zlib.compress(''.join(result), 9)) - if not release: - release = 'sid' c.execute( "INSERT OR REPLACE INTO debsecan_data (name, data) VALUES (?, ?)", ('release/' + release, result)) |