path: root/bin
Commit message | Author | Age | Files | Lines
...
* merge-cve-files: further simplify merge_notes | Emilio Pozuelo Monfort | 2023-03-27 | 1 | -13/+9
* merge-cve-files: simplify merge_notes | Emilio Pozuelo Monfort | 2023-03-27 | 1 | -18/+9
    It's just appending the new string annotations to the current annotations, with special care not to add them if they are already there (probably needed by grab-cve-in-fix or update-vuln).
* merge-cve-files: don't return the modified list | Emilio Pozuelo Monfort | 2023-03-27 | 1 | -7/+5
    We no longer get a tuple, so there's no need to convert it to a list and return it. The method just merges the annotation into the received annotations.
* sectracker.parsers: make cvelist et al return a list of Bugs | Emilio Pozuelo Monfort | 2023-03-27 | 4 | -18/+5
* update-vuln: don't use _replace | Emilio Pozuelo Monfort | 2023-03-27 | 1 | -18/+7
* update-vuln: mark_not_affected: add a bug variable | Emilio Pozuelo Monfort | 2023-03-27 | 1 | -2/+3
* update-vuln: _add_annotation_to_cve: don't create a new Bug | Emilio Pozuelo Monfort | 2023-03-27 | 1 | -3/+3
    We can just modify the existing object now.
* update-vuln: _add_annotation_to_cve: use a bug variable | Emilio Pozuelo Monfort | 2023-03-27 | 1 | -4/+6
* grab-cve-in-fix: don't call _replace | Emilio Pozuelo Monfort | 2023-03-27 | 1 | -12/+4
    We can just modify the bug instance and add it to the modified list. The data list is modified too, but we don't do anything else with it.
* grab-cve-in-fix: add a bug variable | Emilio Pozuelo Monfort | 2023-03-27 | 1 | -7/+11
* remove-cve-dist-tags: don't call _replace | Emilio Pozuelo Monfort | 2023-03-27 | 1 | -1/+1
* merge-cve-files: replace the annotations directly | Emilio Pozuelo Monfort | 2023-03-27 | 1 | -2/+1
    Without creating a new object. Also since we're not creating new objects, there's no need to recreate the data list.
* merge-cve-files: don't create a new Bug object | Emilio Pozuelo Monfort | 2023-03-27 | 1 | -7/+7
    Replace the bug's annotations instead now that we can modify the object.
* merge-cve-files: simplify extra string notes | Emilio Pozuelo Monfort | 2023-03-27 | 1 | -13/+9
    The notes dict is only going to contain notes for the current CVE, so we can simply keep and pass the list.
* merge-cve-files: fix crash when there's an experimental tag | Emilio Pozuelo Monfort | 2023-03-20 | 1 | -0/+7
    If CVE/list has a CVE such as:

        CVE-2023-1234 [experimental]
            - foo 1.0-1
            - foo 1.0-2

    And we attempt to fix an annotation such as

        CVE-2023-1234 [bullseye]
            - foo 0.1-1+deb11u1

    that will crash when we are iterating over the experimental annotation as next_annotation would be the sid one with release==None, and we would be comparing internRelease(bullseye) with internRelease(None), which is not supported. This is happening with the current data/next-point-update.txt
* grab-cve-in-fix: Adjust comment to mention non-free-firmware Sources | Salvatore Bonaccorso | 2023-02-04 | 1 | -0/+1
    Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
* Revert "Add links to more CVE search services" | Salvatore Bonaccorso | 2023-01-20 | 1 | -72/+11
    This reverts commit 09544dc04cf8e9df4f76f0848897e59a55d58e32. Better to discuss possible additions via merge requests. In particular cvedetails.com is not something we would want to link. Others might add value to the additional sources.
* Add links to more CVE search services | Paul Wise | 2023-01-20 | 1 | -11/+72
    CVE Details, CIRCL, Red Hat CVEs, Ubuntu bugs, Alpine, Arch Linux bugs/CVEs. Also shorten SUSE bugzilla to bug and use consistent function names.
    Inspired-by: the Arch Linux security issue tracker
* lts-cve-triage.py: move down unexpected_nodsa | Sylvain Beucler | 2022-11-09 | 1 | -3/+3
    this sub-report rarely triggers action from front-desk and is of lower priority
* report-vuln: Switch to use cve.org URL for reference building | Salvatore Bonaccorso | 2022-09-29 | 1 | -1/+1
    Similar as done for 5eccf413c07f ("tracker_service: Switch to use cve.org URL for source reference") switch now already to the cve.org URL for referencing the CVE entries. A later change will switch to fetch the needed information as well from the new sources once they get available during the transition from cve.mitre.org to cve.org.
    Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
* tracker_service: Switch to use cve.org URL for source reference | Salvatore Bonaccorso | 2022-09-29 | 1 | -2/+2
    As we are going to switch with the transition to cve.org feeds switch now already for referring CVEs in the MITRE database in the source field of CVE entries.
    Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
* Updated the order of how issues are shown in lts-cve-triage command. The reason is that it is more important to triage new potentially severe issues rather than to re-triage issues that have already been triaged once. | Ola Lundqvist | 2022-09-09 | 1 | -3/+3
* lts-missing-uploads: ignore DLAs for older releases | Emilio Pozuelo Monfort | 2022-08-18 | 1 | -4/+16
    Otherwise we'll check the version in the old DLA against the current LTS's Sources.
* lts-missing-uploads: don't hardcode lts release | Emilio Pozuelo Monfort | 2022-08-18 | 1 | -1/+7
* lts-cve-triage: don't use the release number | Emilio Pozuelo Monfort | 2022-08-08 | 2 | -3/+9
    This is much harder to catch when a release becomes EOL, as we grep for e.g. stretch.
* Remove lts-auto-eol script | Emilio Pozuelo Monfort | 2022-08-03 | 1 | -68/+0
    It has little use, is written in perl and not using our current parsers, and hardcodes stuff making it LTS specific when it could be more generic.
* LTS: When checking for missing lts uploads use buster sources | Salvatore Bonaccorso | 2022-08-01 | 1 | -1/+1
    Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
* add-dsa-needed: Only list packages for stable for dsa-needed list | Salvatore Bonaccorso | 2022-08-01 | 1 | -1/+1
    Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
* Revert "Revert "Link to GitHub advisory search for CVEs"" | Salvatore Bonaccorso | 2022-07-31 | 1 | -0/+9
    This reverts commit f3e3e34a5ea5ac1e553b3aea371394812199e066. Emilio did review the merge request so opt for this one and will close !72.
* Revert "Link to GitHub advisory search for CVEs" | Salvatore Bonaccorso | 2022-07-31 | 1 | -9/+0
    This reverts commit 0f210141afc8bc4666084987ed9b52ae924b2a58. Since !72 existed, we will merge that one instead.
* Link to GitHub advisory search for CVEs | Paul Wise | 2022-07-22 | 1 | -0/+9
* Updated lts-cve-triage.py script so that it checks for unsupported packages for buster instead of stretch. This will make future LTS front desk person less confused. | Ola Lundqvist | 2022-07-14 | 1 | -1/+1
* One correction to the eol bulk add script. Also simplified the output to make it less verbose. | Ola Lundqvist | 2022-07-11 | 1 | -11/+11
* Wrote a script to bulk add EOL entries for LTS buster. | Ola Lundqvist | 2022-07-11 | 1 | -0/+68
* Make setup-repo work with submodules | Enrico Zini | 2022-06-22 | 1 | -2/+13
* gen-DSA: check for extra cve file only for first dist | Emilio Pozuelo Monfort | 2022-06-21 | 1 | -1/+4
    If the advisory is for multiple distributions, check for the extra cve file in the first one.
* lts-cve-triage.py: clarify report header | Sylvain Beucler | 2022-05-28 | 1 | -1/+1
* Remove "NVD severity" from the web UI | Tianon Gravi | 2022-05-17 | 1 | -9/+0
    This is really misleading for users as it represents NVD's opinion on the severity of CVEs, but does *not* necessarily reflect the views of the Debian Security Team (and is often misconstrued by users as though it does). There should probably also be deeper database changes to no longer store this value, but removing it from the website seems like a good (small) place to start.
* lts-cve-triage: triage_possible_missed_fixes: skip packages already in dla-needed | Sylvain Beucler | 2022-04-21 | 1 | -2/+3
* lts-cve-triage: track buster/stable updates suited for LTS | Sylvain Beucler | 2022-04-21 | 1 | -0/+13
    (re-committed with proper authorship and commit information)
    See https://lists.debian.org/debian-lts/2022/04/msg00011.html
* Revert lts-cve-triage.py changes | Sylvain Beucler | 2022-04-21 | 1 | -13/+1
    This reverts commit 3fceb4e21a287674f166442ed8f5e563010710ff.
* LTS: triage asterisk | Anton Gladky | 2022-04-21 | 1 | -1/+13
* lts-cve-triage: minor code clarification | Sylvain Beucler | 2022-04-14 | 1 | -2/+2
* lts-cve-triage: support debian-security-support patterns | Sylvain Beucler | 2022-04-14 | 1 | -2/+6
    e.g. better analysis for "node-moment" and "golang-github-prometheus-client-golang"
* lts-cve-triage.py: handle /stable /oldstable notations in dsa-needed.txt | Sylvain Beucler | 2022-04-02 | 1 | -1/+3
    e.g. twig/oldstable
* Allow merge-cve-files to let RESERVED through | Neil Williams | 2022-02-15 | 1 | -1/+8
    Avoid merge-cve-files stumbling over FlagAnnotations like RESERVED and REJECTED. Also add code to tidy up the .xpck files that can be generated by the merge process.
* gen-DSA: don't set extracvefile to "null" | Emilio Pozuelo Monfort | 2022-02-09 | 1 | -1/+1
    ...if the file config key doesn't exist, otherwise git commit will fail.
* Merge branch 'grabcvefix' into 'master' | Neil Williams | 2022-02-03 | 3 | -1/+831
    grab-cve-in-fix #1001451
    See merge request security-tracker-team/security-tracker!100
  * Improve error handling in grab-cve-in-fix | Neil Williams | 2022-01-27 | 1 | -5/+36
      Catch and report on possible typos in changes entries to better support maintainers pre-checking the d.changelog entries before upload - as long as the .changes file is signed.
  * Pylint updates | Neil Williams | 2022-01-27 | 2 | -97/+60
      Extend linelength to 120 in black.

© 2014-2024 Faster IT GmbH