path: root/bin/tracker_service.py
Commit message | Author | Age | Files | Lines
* tracker_service: Simplify DLA URL excluding date | Salvatore Bonaccorso | 18 hours | 1 | -6/+2
  Now that DLA pages on https://www.debian.org/lts/security redirect to the DLA announce in the mailinglist archive there is as well support to redirect the respective DLA without needing the year. Both https://www.debian.org/lts/security/${year}/${dsa} and https://www.debian.org/lts/security/${dsa} get redirected to the DLA announce. So we can simplify the url building to just replace the correct DLA identifier.
  Link: https://lists.debian.org/debian-security/2024/01/msg00001.html
  Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
* tracker_service: Simplify DSA URL excluding date | Salvatore Bonaccorso | 18 hours | 1 | -6/+1
  Now that DSA pages on https://www.debian.org/security redirect to the DSA announce in the mailinglist archive there is as well support to redirect the respective DSA without needing the year. Both https://www.debian.org/security/${year}/${dsa} and https://www.debian.org/security/${dsa} get redirected to the DSA announce. So we can simplify the url building to just replace the correct DSA identifier.
  Link: https://lists.debian.org/debian-security/2024/01/msg00001.html
  Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
* tracker_service: Fix generation of references for followup DSAs | Salvatore Bonaccorso | 2024-01-06 | 1 | -4/+8
  As noted by Thomas Lange, incremented DSA references were as well pointing to the unversioned DSA page, for instance https://security-tracker.debian.org/tracker/DSA-5576-2 refers in its source field https://www.debian.org/security/2023/dsa-5576 which will redirect to the DSA-5576-1 announce mail. Add logic to the url_dsa to only refer to the unversioned DSA reference for the initial revision. Followups, either due to regression or incomplete security fix will refer to the respective revision. As potentially in a later change on debian-www side will make the unversioned DSA entries refer to the latest mailinglist post about a DSA, a followup commit might actually simplify the logic to always generate the reference with the respective revision.
  Reported-by: Thomas Lange <lange@cs.uni-koeln.de>
  Link: https://lists.debian.org/debian-security/2024/01/msg00001.html
  Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
* tracker_service.py: Remove non-functional Mageia advisories search | Salvatore Bonaccorso | 2023-06-15 | 1 | -9/+0
  Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
* tracker_service.py: Remove nonfunctional Metasploit search | Salvatore Bonaccorso | 2023-06-15 | 1 | -9/+0
  Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
* tracker_service.py: Remove non-functional EDB source search | Salvatore Bonaccorso | 2023-06-15 | 1 | -10/+0
  Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
* tracker_service.py: Remove nonfunctional bugtraq source | Salvatore Bonaccorso | 2023-06-15 | 1 | -9/+0
  Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
* tracker_service: use www.cve.org | Emilio Pozuelo Monfort | 2023-06-07 | 1 | -1/+1
* tracker_service: link to cve.org | Emilio Pozuelo Monfort | 2023-06-07 | 1 | -1/+1
  See commit 5eccf413. Related to #16
* Filter list for "unreported" view. Fix #987283 | Anton Gladky | 2023-05-26 | 1 | -2/+11
* Revert "Add links to more CVE search services" | Salvatore Bonaccorso | 2023-01-20 | 1 | -72/+11
  This reverts commit 09544dc04cf8e9df4f76f0848897e59a55d58e32. Better to discuss possible additions via merge requests. In particular cvedetails.com is not something we would want to link. Others might add value to the additional sources.
* Add links to more CVE search services | Paul Wise | 2023-01-20 | 1 | -11/+72
  CVE Details, CIRCL, Red Hat CVEs, Ubuntu bugs, Alpine, Arch Linux bugs/CVEs. Also shorten SUSE bugzilla to bug and use consistent function names.
  Inspired-by: the Arch Linux security issue tracker
* tracker_service: Switch to use cve.org URL for source reference | Salvatore Bonaccorso | 2022-09-29 | 1 | -2/+2
  As we are going to switch with the transition to cve.org feeds switch now already for referring CVEs in the MITRE database in the source field of CVE entries.
  Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
* Revert "Revert "Link to GitHub advisory search for CVEs"" | Salvatore Bonaccorso | 2022-07-31 | 1 | -0/+9
  This reverts commit f3e3e34a5ea5ac1e553b3aea371394812199e066. Emilio did review the merge request so opt for this one and will close !72.
* Revert "Link to GitHub advisory search for CVEs" | Salvatore Bonaccorso | 2022-07-31 | 1 | -9/+0
  This reverts commit 0f210141afc8bc4666084987ed9b52ae924b2a58. Since !72 existed. We will merge that one instead.
* Link to GitHub advisory search for CVEs | Paul Wise | 2022-07-22 | 1 | -0/+9
* Remove "NVD severity" from the web UI | Tianon Gravi | 2022-05-17 | 1 | -9/+0
  This is really misleading for users as it represents NVD's opinion on the severity of CVEs, but does *not* necessarily reflect the views of the Debian Security Team (and is often misconstrued by users as though it does).
  There should probably also be deeper database changes to no longer store this value, but removing it from the website seems like a good (small) place to start.
* Revert "tracker_service: sort releases in CVE pages" | Salvatore Bonaccorso | 2021-11-30 | 1 | -3/+2
  This reverts commit 8795311fe744f6669fdf3da1ae281615aa97450a. This causes issues e.g. on https://security-tracker.debian.org/tracker/CVE-2021-20313. Revert the change for now, but should be re-added once the bug can be fixed.
* tracker_service: sort releases in CVE pages | Emilio Pozuelo Monfort | 2021-11-25 | 1 | -2/+3
* tracker_service: also sort CVEs on stable-like pages | Emilio Pozuelo Monfort | 2021-04-30 | 1 | -2/+4
* Sort CVEs as versions | Sylvain Beucler | 2021-04-30 | 1 | -4/+4
* Fix CVE10k problem for CVE with more than 4 numbers | Carles Pina i Estany | 2021-02-15 | 1 | -3/+16
  It had no consequences in security-tracker: the next-oldstable-point-update.txt file is empty and the next-point-update.txt CVEs are not used yet for what I can see via this code path.
* tracker_service.py: Source: more: Link to vendor information via HTTPS | Salvatore Bonaccorso | 2020-08-24 | 1 | -1/+1
* tracker_service: use setup_paths | Emilio Pozuelo Monfort | 2020-08-14 | 1 | -1/+1
* tracker_service: reorder imports | Emilio Pozuelo Monfort | 2020-08-14 | 1 | -4/+5
* Add missing imports | Emilio Pozuelo Monfort | 2020-08-14 | 1 | -0/+1
  The one for update-db was dropped in f815d203, whereas tracker_service has been getting the import from the web_support one. But let's better be explicit.
* tracker_service: don't crash on /source-package/ | Emilio Pozuelo Monfort | 2020-08-11 | 1 | -0/+6
  If no source package is given, return a 404 error.
* tracker_service: use with statement | Emilio Pozuelo Monfort | 2020-08-11 | 1 | -16/+12
* tracker_service: switch to Python 3 | Emilio Pozuelo Monfort | 2020-08-06 | 1 | -1/+1
* tracker_service: convert maps to lists for make_list | Emilio Pozuelo Monfort | 2020-08-06 | 1 | -3/+3
  Otherwise under python 3, make_list will fail with empty maps as the map object will evaluate to true even if it's empty. We could cast to a list in make_list before evaluating it, but then we would need to ensure that we're receiving a valid type. This is probably simpler.
* tracker_service: properly sort fixed versions table | Emilio Pozuelo Monfort | 2020-07-29 | 1 | -1/+2
* tracker_service.py: evaluate dict items as a list | Emilio Pozuelo Monfort | 2020-07-29 | 1 | -1/+1
  In python3 this is an iterator, which breaks when the dict is modified. To avoid that, force it to be evaluated as a list.
* tracker_service.py: open the binary image file as binary | Emilio Pozuelo Monfort | 2020-07-29 | 1 | -1/+1
* tracker_service.py: use a lambda function to sort | Emilio Pozuelo Monfort | 2020-07-29 | 1 | -1/+1
  As cmp is gone in py3. Also don't pass it as a positional argument.
* tracker_service.py: fix use of tabs | Emilio Pozuelo Monfort | 2020-07-29 | 1 | -14/+14
* tracker_service: simplify stable-like callbacks | Emilio Pozuelo Monfort | 2020-02-26 | 1 | -7/+2
  And take the file out of README.releases.
* tracker_service: dynamically register stable releases | Emilio Pozuelo Monfort | 2020-02-26 | 1 | -29/+27
* tracker_service: unify *stable methods | Emilio Pozuelo Monfort | 2020-02-26 | 1 | -29/+15
* tracker_service: don't hardcode codenames in db queries | Emilio Pozuelo Monfort | 2020-02-26 | 1 | -12/+11
* tracker_service: don't hardcode backport codenames | Emilio Pozuelo Monfort | 2020-02-26 | 1 | -3/+3
* tracker_service: don't register oldoldstable when not supported | Emilio Pozuelo Monfort | 2020-02-26 | 1 | -8/+13
* Fix references to DLA regression updates on website | Brian May | 2019-12-04 | 1 | -4/+8
  The first revision on the website doesn't have a postfix. The second revision has a postfix of -2. I was going to do something similar for DSA too, but found regression update advisories are not available on the website for DSAs.
* Revert "Fix references to DLA regression updates on website" | Brian May | 2019-12-04 | 1 | -8/+4
  This reverts commit 7177c0e348acbd70b76de7fc36116d02201bc9bf. I accidentally pushed this to the wrong branch.
* Fix references to DLA regression updates on website | Brian May | 2019-12-04 | 1 | -4/+8
  The first revision on the website doesn't have a postfix. The second revision has a postfix of -2. I was going to do something similar for DSA too, but found regression update advisories are not available on the website for DSAs.
* Switch all bugzilla.novell.com URLs to bugzilla.suse.com | Paul Wise | 2019-09-18 | 1 | -1/+1
  The novell.com address is historical and deprecated.
  Requested-by: Alexandros Toptsoglou <atoptsoglou@suse.com>
  Requested-in: <a3bc5c9f-d52d-a79d-e1da-6a6484cee9ea@suse.com>
* tracker_service: Update release -> codename mappings for stretch release | Salvatore Bonaccorso | 2019-07-06 | 1 | -8/+8
  Update references for backports suites for buster-backports, stretch-backports and jessie-backports for status overview pages. For testing migration candidates (which is helpful during freeze periods to determine which fixes from unstable need to go to testing yet), make bullseye the new testing distribution. Updates lists of releases to sid, bullseye, buster, stretch and jessie.
* tracker-service: don't repeat the package link | Emilio Pozuelo Monfort | 2019-03-01 | 1 | -0/+4
  ...for non-main packages. For those, emptying pkg_name is not enough, we also need to set title to None.
* Adapt URL to DLA advisories in a https://www.debian.org/security/lts/ | Salvatore Bonaccorso | 2019-02-12 | 1 | -1/+1
  As discussed in https://bugs.debian.org/859122 DLAs and DSAs will be separated in different subpages. This needs adaption for the URL referenced in the source fields of the security-tracker for DLAs.
  v2: Correct URL to actually match the final location under /lts/security. Cf. https://bugs.debian.org/859122#82
  Thanks: Laura Arjona Reina, Holger Levsen and Antoine Beaupré
* Replace "x.has_key(y)" with "y in x" syntax | Brian May | 2018-08-20 | 1 | -4/+4
* Fix print statements for Python 3.6 compatibility | Brian May | 2018-08-06 | 1 | -2/+2
