path: root/bin
Commit message (Author, Age, Files, Lines)
* Updated the order of how issues are shown in lts-cve-triage command. The reason is that it is more important to triage new potentially severe issues rather than to re-triage issues that have already been triaged once. (Ola Lundqvist, 2022-09-09, 1 file, -3/+3 lines)
* lts-missing-uploads: ignore DLAs for older releases (Emilio Pozuelo Monfort, 2022-08-18, 1 file, -4/+16 lines)
|   Otherwise we'll check the version in the old DLA against the current LTS's Sources.
* lts-missing-uploads: don't hardcode lts release (Emilio Pozuelo Monfort, 2022-08-18, 1 file, -1/+7 lines)
|
* lts-cve-triage: don't use the release number (Emilio Pozuelo Monfort, 2022-08-08, 2 files, -3/+9 lines)
|   This is much harder to catch when a release becomes EOL, as we grep for e.g. stretch.
* Remove lts-auto-eol script (Emilio Pozuelo Monfort, 2022-08-03, 1 file, -68/+0 lines)
|   It has little use, is written in perl and not using our current parsers, and hardcodes stuff making it LTS specific when it could be more generic.
* LTS: When checking for missing lts uploads use buster sources (Salvatore Bonaccorso, 2022-08-01, 1 file, -1/+1 lines)
|   Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
* add-dsa-needed: Only list packages for stable for dsa-needed list (Salvatore Bonaccorso, 2022-08-01, 1 file, -1/+1 lines)
|   Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
* Revert "Revert "Link to GitHub advisory search for CVEs"" (Salvatore Bonaccorso, 2022-07-31, 1 file, -0/+9 lines)
|   This reverts commit f3e3e34a5ea5ac1e553b3aea371394812199e066. Emilio did review the merge request so opt for this one and will close !72.
* Revert "Link to GitHub advisory search for CVEs" (Salvatore Bonaccorso, 2022-07-31, 1 file, -9/+0 lines)
|   This reverts commit 0f210141afc8bc4666084987ed9b52ae924b2a58. Since !72 existed. We will merge that one instead.
* Link to GitHub advisory search for CVEs (Paul Wise, 2022-07-22, 1 file, -0/+9 lines)
|
* Updated lts-cve-triage.py script so that it checks for unsupported packages for buster instead of stretch. This will make future LTS front desk person less confused. (Ola Lundqvist, 2022-07-14, 1 file, -1/+1 lines)
* One correction to the eol bulk add script. Also simplified the output to make it less verbose. (Ola Lundqvist, 2022-07-11, 1 file, -11/+11 lines)
* Wrote a script to bulk add EOL entries for LTS buster. (Ola Lundqvist, 2022-07-11, 1 file, -0/+68 lines)
|
* Make setup-repo work with submodules (Enrico Zini, 2022-06-22, 1 file, -2/+13 lines)
|
* gen-DSA: check for extra cve file only for first dist (Emilio Pozuelo Monfort, 2022-06-21, 1 file, -1/+4 lines)
|   If the advisory is for multiple distributions, check for the extra cve file in the first one.
* lts-cve-triage.py: clarify report header (Sylvain Beucler, 2022-05-28, 1 file, -1/+1 lines)
|
* Remove "NVD severity" from the web UI (Tianon Gravi, 2022-05-17, 1 file, -9/+0 lines)
|   This is really misleading for users as it represents NVD's opinion on the severity of CVEs, but does *not* necessarily reflect the views of the Debian Security Team (and is often misconstrued by users as though it does). There should probably also be deeper database changes to no longer store this value, but removing it from the website seems like a good (small) place to start.
* lts-cve-triage: triage_possible_missed_fixes: skip packages already in dla-needed (Sylvain Beucler, 2022-04-21, 1 file, -2/+3 lines)
* lts-cve-triage: track buster/stable updates suited for LTS (Sylvain Beucler, 2022-04-21, 1 file, -0/+13 lines)
|   (re-committed with proper authorship and commit information) See https://lists.debian.org/debian-lts/2022/04/msg00011.html
* Revert lts-cve-triage.py changes (Sylvain Beucler, 2022-04-21, 1 file, -13/+1 lines)
|   This reverts commit 3fceb4e21a287674f166442ed8f5e563010710ff.
* LTS: triage asterisk (Anton Gladky, 2022-04-21, 1 file, -1/+13 lines)
|
* lts-cve-triage: minor code clarification (Sylvain Beucler, 2022-04-14, 1 file, -2/+2 lines)
|
* lts-cve-triage: support debian-security-support patterns (Sylvain Beucler, 2022-04-14, 1 file, -2/+6 lines)
|   e.g. better analysis for "node-moment" and "golang-github-prometheus-client-golang"
* lts-cve-triage.py: handle /stable /oldstable notations in dsa-needed.txt (Sylvain Beucler, 2022-04-02, 1 file, -1/+3 lines)
|   e.g. twig/oldstable
* Allow merge-cve-files to let RESERVED through (Neil Williams, 2022-02-15, 1 file, -1/+8 lines)
|   Avoid merge-cve-files stumbling over FlagAnnotations like RESERVED and REJECTED. Also add code to tidy up the .xpck files that can be generated by the merge process.
* gen-DSA: don't set extracvefile to "null" (Emilio Pozuelo Monfort, 2022-02-09, 1 file, -1/+1 lines)
|   ...if the file config key doesn't exist, otherwise git commit will fail.
* Merge branch 'grabcvefix' into 'master' (Neil Williams, 2022-02-03, 3 files, -1/+831 lines)
|\
| |   grab-cve-in-fix #1001451
| |   See merge request security-tracker-team/security-tracker!100
| * Improve error handling in grab-cve-in-fix (Neil Williams, 2022-01-27, 1 file, -5/+36 lines)
| |   Catch and report on possible typos in changes entries to better support maintainers pre-checking the d.changelog entries before upload - as long as the .changes file is signed.
| * Pylint updates (Neil Williams, 2022-01-27, 2 files, -97/+60 lines)
| |   Extend linelength to 120 in black.
| * Update grab-cve-in-fix for known examples (Neil Williams, 2022-01-27, 3 files, -26/+180 lines)
| |   Support catching errors in the d.changelog
| |   Add support for forcing a specific version
| |   Fix typo in new support in bin/merge-cve-files
| |   Update support in update-vuln to insert new PackageAnnotations in specific order.
| * Add remaining support and switch to using logging (Neil Williams, 2022-01-27, 1 file, -21/+146 lines)
| |   Add support to add a bug number. Add warnings in --help that each update must be merged before the same CVE can be updated again.
| * Add support for merging NOTE: StringAnnotations (Neil Williams, 2022-01-27, 1 file, -1/+46 lines)
| |
| * Add support for --input accepting email text on STDIN (Neil Williams, 2022-01-27, 1 file, -27/+78 lines)
| |
| * Add initial update-vuln script (Neil Williams, 2022-01-27, 1 file, -0/+182 lines)
| |
| * grab-cve-in-fix #1001451 (Neil Williams, 2022-01-27, 1 file, -0/+279 lines)
| |   Add a tool to ease processing of new uploads which fix CVEs
* | gen-DSA: diff and commit changes to extracvefile (Emilio Pozuelo Monfort, 2022-02-01, 1 file, -2/+5 lines)
| |   In case we're processing a dist that uses an ExtendFile.
* | gen-DSA: sanitize DISTS var after calculating it (Emilio Pozuelo Monfort, 2022-02-01, 1 file, -1/+3 lines)
| |   Rather than have every user have to do it.
* | remove-cve-dist-tags: remove empty CVE entries (Emilio Pozuelo Monfort, 2022-02-01, 1 file, -0/+6 lines)
|/
|   This can happen in ExtendFiles if they only contain dist tags that are being removed.
* gen-DSA: Allow one more digit for the old style bug number format (Salvatore Bonaccorso, 2022-01-12, 1 file, -1/+1 lines)
|   The # prefixed bugnumber format was preferred to pass to the script, still we have the alternative of the digits only. Just bump the allowed digits by one now that we reached the 100000's bug.
|   Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
* Revert "tracker_service: sort releases in CVE pages" (Salvatore Bonaccorso, 2021-11-30, 1 file, -3/+2 lines)
|   This reverts commit 8795311fe744f6669fdf3da1ae281615aa97450a. This causes issues e.g. on https://security-tracker.debian.org/tracker/CVE-2021-20313. Revert the change for now, but should be re-added once the bug can be fixed.
* tracker_service: sort releases in CVE pages (Emilio Pozuelo Monfort, 2021-11-25, 1 file, -2/+3 lines)
|
* check-new-issues: implement review comments (Neil Williams, 2021-11-19, 1 file, -2/+2 lines)
|   Move the print statements inside the conditional.
* Improve check-new-issues for new users (Neil Williams, 2021-11-19, 1 file, -3/+10 lines)
|   Print the supported commands before entering interactive mode. Skip if only listing the CVEs
* bin/lts-missing-uploads: drop the .py extension (Emilio Pozuelo Monfort, 2021-11-10, 1 file, -0/+0 lines)
|
* bin/lts-missing-uploads.py: also get contrib & non-free (Emilio Pozuelo Monfort, 2021-11-10, 1 file, -6/+12 lines)
|   Otherwise we will crash if there's a DLA for a package in one of those components.
* gen-DSA: only call remove-cve-dist-tags if there's dist info (Emilio Pozuelo Monfort, 2021-11-07, 1 file, -1/+3 lines)
|   When calling gen-DSA without --save, there's no version/release information, so skip the call there to avoid a crash. In those situations, gen-DSA will be called once more when the DSA is ready with the --save argument, and we'll then remove the appropriate CVE tags.
|   Closes #9
* gen-DSA: Handle CVE list in DLA/ELA mode as well (Salvatore Bonaccorso, 2021-11-06, 1 file, -2/+2 lines)
|   The recent addition of the remove-cve-dist-tags hook in gen-D[SL]A script removes entries from data/CVE/list when they had a no-dsa (or its substates) which are handled in the update. When gen-DSA script is invoked in DLA mode though, there is a mechanism to automatically commit the changes (and option to push) but that did not take into account the changes in data/CVE/list.
* tracker_data: setup paths before importing local modules (Emilio Pozuelo Monfort, 2021-11-05, 1 file, -0/+2 lines)
|
* gen-DSA: only call remove-cve-dist-tags once (Emilio Pozuelo Monfort, 2021-11-03, 1 file, -1/+5 lines)
|   And do it after we've asked for all the versions. Calling the script after asking for each version and before asking for the next is annoying as the script takes some time due to the size of CVE/list. This way not only do we avoid that wait between user inputs, but we also avoid calling the script and thus parsing CVE/list multiple times.
* bin/remove-cve-dist-tags: accept multiple releases (Emilio Pozuelo Monfort, 2021-11-03, 1 file, -6/+8 lines)
|   The release argument is a comma-separated list now.
