authorFlorian Weimer <fw@deneb.enyo.de>2005-12-22 10:19:06 +0000
committerFlorian Weimer <fw@deneb.enyo.de>2005-12-22 10:19:06 +0000
commita78e98031dfc17c060c14b5b5e01636ec59e8c9b (patch)
treea97c9e19fa030a752032b60aa289212bb927ca7b /lib
parent23c296b3cddf85b1952035c752e80932cc19b0b2 (diff)
lib/python/security_db.py (DB.calculateDebsecan):
Check that a fixed package is actually available in sid, and do not trust the list files. git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3122 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'lib')
-rw-r--r--lib/python/security_db.py64
1 files changed, 30 insertions, 34 deletions
diff --git a/lib/python/security_db.py b/lib/python/security_db.py
index e55514aad5..3f1c5f85e3 100644
--- a/lib/python/security_db.py
+++ b/lib/python/security_db.py
@@ -1251,6 +1251,8 @@ class DB:
c.execute("""INSERT OR REPLACE INTO vulnlist
SELECT bug_name, package, id FROM package_notes
WHERE release = ?""", (release,))
+ else:
+ release = 'sid'
c.execute("""DELETE FROM vulnlist WHERE name LIKE 'FAKE-0000000-%'""")
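Review bot: The added `else:` branch rebinds the `release` argument to 'sid', and the matching `if` is outside the hunk, so nothing here tells a reader that the later queries and the final `'release/' + release` key now depend on this default. A short comment on the branch would make that explicit, for example `# no release given: evaluate against unstable; also used as the debsecan_data key`. If any code further down in the method still tests `release` for emptiness, that test is now always true; this is worth checking because the rest of the method is not visible in the diff.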
@@ -1286,38 +1288,34 @@ class DB:
# release.
fix_available = ' '
- if release:
- fix_available = ' '
- if kind == 'source':
- fix_available_sql = """SELECT st.vulnerable
- FROM source_packages AS p, source_package_status AS st
- WHERE p.name = ?
- AND p.release = ?
- AND p.subrelease IN ('', 'security')
- AND st.bug_name = ?
- AND st.package = p.rowid
- ORDER BY p.version COLLATE version DESC"""
- elif kind == 'binary':
- fix_available_sql = """SELECT st.vulnerable
- FROM binary_packages AS p, binary_package_status AS st
- WHERE p.name = ?
- AND p.release = ?
- AND p.subrelease IN ('', 'security')
- AND st.bug_name = ?
- AND st.package = p.rowid
- ORDER BY p.version COLLATE version DESC"""
- else:
- fix_available_sql = ''
-
- if fix_available_sql:
- for (v,) in c.execute(fix_available_sql,
- (package, release, name)):
- assert v is not None
- if not v:
- fix_available = 'F'
- break
- elif fixed_version <> '':
- fix_available = 'F'
+ if kind == 'source':
+ fix_available_sql = """SELECT st.vulnerable
+ FROM source_packages AS p, source_package_status AS st
+ WHERE p.name = ?
+ AND p.release = ?
+ AND p.subrelease IN ('', 'security')
+ AND st.bug_name = ?
+ AND st.package = p.rowid
+ ORDER BY p.version COLLATE version DESC"""
+ elif kind == 'binary':
+ fix_available_sql = """SELECT st.vulnerable
+ FROM binary_packages AS p, binary_package_status AS st
+ WHERE p.name = ?
+ AND p.release = ?
+ AND p.subrelease IN ('', 'security')
+ AND st.bug_name = ?
+ AND st.package = p.rowid
+ ORDER BY p.version COLLATE version DESC"""
+ else:
+ fix_available_sql = ''
+
+ if fix_available_sql:
+ for (v,) in c.execute(fix_available_sql,
+ (package, release, name)):
+ assert v is not None
+ if not v:
+ fix_available = 'F'
+ break
if kind == 'source':
kind = 'S'
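Review bot: The `assert v is not None` inside the new `for (v,) in c.execute(...)` loop is the only guard against a NULL `st.vulnerable`, and asserts are stripped when Python runs with -O. In that case a NULL would satisfy `if not v:` and the entry would be flagged 'F' although its status is unknown, and that flag goes into the data written to `debsecan_data`. An explicit check is safer, e.g. `if v is None: raise ValueError("no vulnerability status for %s in %s" % (package, release))`. The two query strings also differ only in their table names, so building both from one template would keep the source and binary paths from drifting apart. The enclosing method starts and ends outside the hunk.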
@@ -1340,8 +1338,6 @@ class DB:
package, fixed_version, description))
result = base64.encodestring(zlib.compress(''.join(result), 9))
- if not release:
- release = 'sid'
c.execute(
"INSERT OR REPLACE INTO debsecan_data (name, data) VALUES (?, ?)",
('release/' + release, result))
