| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Now that DLA pages on https://www.debian.org/lts/security redirect to
the DLA announce in the mailinglist archive there is as well support to
redirect the respective DLA without needing the year.
Both https://www.debian.org/lts/security/${year}/${dsa} and
https://www.debian.org/lts/security/${dsa} get redirected to the DLA
announce. So we can simplify the url building to just replace the
correct DLA identifier.
Link: https://lists.debian.org/debian-security/2024/01/msg00001.html
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
| |
Now that DSA pages on https://www.debian.org/security redirect to the
DSA announce in the mailinglist archive there is as well support to
redirect the respective DSA without needing the year.
Both https://www.debian.org/security/${year}/${dsa} and
https://www.debian.org/security/${dsa} get redirected to the DSA
announce. So we can simplify the url building to just replace the
correct DSA identifier.
Link: https://lists.debian.org/debian-security/2024/01/msg00001.html
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
| |
As noted by Thomas Lange, incremented DSA references were as well
pointing to the unversioned DSA page, for instance
https://security-tracker.debian.org/tracker/DSA-5576-2 refers in its
source field https://www.debian.org/security/2023/dsa-5576 which will
redirect to the DSA-5576-1 announce mail.
Add logic to the url_dsa to only refer to the unversioned DSA reference
for the initial revision. Followups, either due to regression or
incomplete security fix will refer to the respective revision.
As potentially in a later change on debian-www side will make the
unversioned DSA entries refer to the latest mailinglist post about a
DSA, a followup commit might actually simplify the logic to always
generate the reference with the respective revision.
Reported-by: Thomas Lange <lange@cs.uni-koeln.de>
Link: https://lists.debian.org/debian-security/2024/01/msg00001.html
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
| |
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
| |
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
| |
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
| |
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
| |
See commit 5eccf413.
Related to #16
| |
This reverts commit 09544dc04cf8e9df4f76f0848897e59a55d58e32.
Better to discuss possible additions via merge requests. In particular
cvedetails.com is not something we would want to link. Others might add
value to the additional sources.
| |
CVE Details, CIRCL, Red Hat CVEs, Ubuntu bugs, Alpine, Arch Linux bugs/CVEs.
Also shorten SUSE bugzilla to bug and use consistent function names.
Inspired-by: the Arch Linux security issue tracker
| |
As we are going to switch with the transition to cve.org feeds switch
now already for referring CVEs in the MITRE database in the source field
of CVE entries.
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
| |
This reverts commit f3e3e34a5ea5ac1e553b3aea371394812199e066.
Emilio did review the merge request so opt for this one and will close
!72.
| |
This reverts commit 0f210141afc8bc4666084987ed9b52ae924b2a58.
Since !72 existed. We will merge that one instead.
| |
This is really misleading for users as it represents NVD's opinion on the severity of CVEs, but does *not* necessarily reflect the views of the Debian Security Team (and is often misconstrued by users as though it does).
There should probably also be deeper database changes to no longer store this value, but removing it from the website seems like a good (small) place to start.
| |
This reverts commit 8795311fe744f6669fdf3da1ae281615aa97450a.
This causes issues e.g. on
https://security-tracker.debian.org/tracker/CVE-2021-20313.
Revert the change for now, but should be re-added once the bug can be
fixed.
| |
It had no consequences in security-tracker: the
next-oldstable-point-update.txt file is empty and the
next-point-update.txt CVEs are not used yet for what I can see via this
code path.
| |
The one for update-db was dropped in f815d203, whereas tracker_service
has been getting the import from the web_support one. But let's better
be explicit.
| |
If no source package is given, return a 404 error.
| |
Otherwise under python 3, make_list will fail with empty maps
as the map object will evaluate to true even if it's empty.
We could cast to a list in make_list before evaluating it, but
then we would need to ensure that we're receiving a valid type.
This is probably simpler.
| |
In python3 this is an iterator, which breaks when the dict
is modified. To avoid that, force it to be evaluated as a
list.
| |
As cmp is gone in py3. Also don't pass it as a positional argument.
| |
And take the file out of README.releases.
| |
The first revision on the website doesn't have a postfix.
The second revision has a postfix of -2.
I was going to do something similar for DSA too, but found regression update
advisories are not available on the website for DSAs.
| |
This reverts commit 7177c0e348acbd70b76de7fc36116d02201bc9bf.
I accidentally pushed this to the wrong branch.
| |
The first revision on the website doesn't have a postfix.
The second revision has a postfix of -2.
I was going to do something similar for DSA too, but found regression update
advisories are not available on the website for DSAs.
| |
The novell.com address is historical and deprecated.
Requested-by: Alexandros Toptsoglou <atoptsoglou@suse.com>
Requested-in: <a3bc5c9f-d52d-a79d-e1da-6a6484cee9ea@suse.com>
| |
Update references for backports suites for buster-backports,
stretch-backports and jessie-backports for status overview pages.
For testing migration candidates (which is helpful during freeze periods
to determine which fixes from unstable need to go to testing yet), make
bullseye the new testing distribution.
Updates lists of releases to sid, bullseye, buster, stretch and jessie.
| |
...for non-main packages. For those, emptying pkg_name is not enough,
we also need to set title to None.
| |
As discussed in https://bugs.debian.org/859122 DLAs and DSAs will be
separated in different subpages. This needs adaption for the URL
referenced in the source fields of the security-tracker for DLAs.
v2: Correct URL to actually match the final location under
/lts/security. Cf. https://bugs.debian.org/859122#82
Thanks: Laura Arjona Reina, Holger Levsen and Antoine Beaupré