<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Salvatore Bonaccorso pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8b81d2818b342cbf962a6fb7a7bd45b16505d34">d8b81d28</a></strong>

<div>

<span>by Salvatore Bonaccorso</span>

<i>at 2020-11-18T08:42:48+01:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">external-check: Handle vendor prefixed entries

When the source-$VENDOR.html lists contain a vendor prefixed CVE entry

the external check update command will bail out:

    [...]

    <td>DEBIAN:CVE-2019-1010022</td>

    <td>DEBIAN:CVE-2019-1010023</td>

    <td>DEBIAN:CVE-2019-1010024</td>

    <td>DEBIAN:CVE-2019-1010025</td>

    DEBIAN.list contains garbage (see above), aborting

Allow the expression to contain a VENDOR: prefix and strip it out as

well.

Link: https://lists.debian.org/debian-security-tracker/2020/11/msg00014.html

Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>

</pre>

</li>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27d2545af68101c3c75b8835e61abb1bd754c246">27d2545a</a></strong>

<div>

<span>by Salvatore Bonaccorso</span>

<i>at 2020-11-18T07:54:53+00:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge branch 'external-check-vendor-prefix' into 'master'

external-check: Handle vendor prefixed entries

See merge request security-tracker-team/security-tracker!73</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#8bbda9ddee07e4f474b5b5b12ba134347b7c389f">

check-external/update.sh

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="8bbda9ddee07e4f474b5b5b12ba134347b7c389f">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f9dec6868eb4f57b8680eee104023d18c0e2d19f...27d2545af68101c3c75b8835e61abb1bd754c246#8bbda9ddee07e4f474b5b5b12ba134347b7c389f"><strong>check-external/update.sh</strong></a>

<hr>

<table class="code white" style="font-family: monospace; font-size: 90%;" bgcolor="#fff" width="100%" cellpadding="0" cellspacing="0">

<tr class="line_holder match" id="" style="line-height: 1.6;">

<td class="diff-line-num unfold js-unfold old_line" data-linenumber="58" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">...</td>

<td class="diff-line-num unfold js-unfold new_line" data-linenumber="58" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">...</td>

<td class="line_content match " style="padding-left: 0.5em; padding-right: 0.5em; color: rgba(0,0,0,0.3);" bgcolor="#fafafa">@@ -58,7 +58,7 @@ check_list cve.list</td>

</tr>

<tr class="line_holder" id="" style="line-height: 1.6;">

<td class="diff-line-num old_line" data-linenumber="58" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

58

</td>

<td class="diff-line-num new_line" data-linenumber="58" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

58

</td>

<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">

<pre style="margin: 0;"> <span id="LC58" class="line" lang="shell"><span class="c" style="color: #998; font-style: italic;"># or as specified at the individual html files or elsewhere on cve.mitre.org's website</span></span>

</pre>

</td>

</tr>

<tr class="line_holder" id="" style="line-height: 1.6;">

<td class="diff-line-num old_line" data-linenumber="59" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

59

</td>

<td class="diff-line-num new_line" data-linenumber="59" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

59

</td>

<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">

<pre style="margin: 0;"> <span id="LC59" class="line" lang="shell"><span class="k" style="font-weight: 600;">for </span>vendor <span class="k" style="font-weight: 600;">in </span>SUSE DEBIAN GENTOO FEDORA REDHAT UBUNTU<span class="p">;</span> <span class="k" style="font-weight: 600;">do</span></span>

</pre>

</td>

</tr>

<tr class="line_holder" id="" style="line-height: 1.6;">

<td class="diff-line-num old_line" data-linenumber="60" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

60

</td>

<td class="diff-line-num new_line" data-linenumber="60" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

60

</td>

<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">

<pre style="margin: 0;"> <span id="LC60" class="line" lang="shell"><span class="k" style="font-weight: 600;">    </span>wget <span class="nt" style="color: #000080;">-N</span> http://cve.mitre.org/data/refs/refmap/source-<span class="nv" style="color: #008080;">$vendor</span>.html</span>

</pre>

</td>

</tr>

<tr class="line_holder old" id="" style="line-height: 1.6;">

<td class="diff-line-num old old_line" data-linenumber="61" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">

61

</td>

<td class="diff-line-num new_line old" data-linenumber="61" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#fbe9eb">

<pre style="margin: 0;">-<span id="LC61" class="line" lang="shell">    <span class="nb" style="color: #0086b3;">sed</span> <span class="nt" style="color: #000080;">-rn</span> <span class="s1" style="color: #d14;"><span class="idiff left right">'/CVE-[12][0-9]{3}-/{s/^.+>(CVE-[12][0-9]{3}-[0-9]{4,})<.+$/\1/;p}'</span></span> source-<span class="nv" style="color: #008080;">$vendor</span>.html |</span>

</pre>

</td>

</tr>

<tr class="line_holder new" id="" style="line-height: 1.6;">

<td class="diff-line-num new old_line" data-linenumber="62" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

</td>

<td class="diff-line-num new new_line" data-linenumber="61" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#ddfbe6">

61

</td>

<td class="line_content new" style="padding-left: 0.5em; padding-right: 0.5em;" bgcolor="#ecfdf0">

<pre style="margin: 0;">+<span id="LC61" class="line" lang="shell">    <span class="nb" style="color: #0086b3;">sed</span> <span class="nt" style="color: #000080;">-rn</span> <span class="s2" style="color: #d14;"><span class="idiff left">"/CVE-[12][0-9]{3}-/{s/^.+>(</span></span><span class="nv" style="color: #008080;"><span class="idiff">$vendor</span></span><span class="s2" style="color: #d14;"><span class="idiff">:)?(CVE-[12][0-9]{3}-[0-9]{4,})<.+</span></span><span class="nv" style="color: #008080;"><span class="idiff">$/</span></span><span class="se" style="color: #d14;"><span class="idiff">\2</span></span><span class="s2" style="color: #d14;"><span class="idiff right">/;p}"</span></span> source-<span class="nv" style="color: #008080;">$vendor</span>.html |</span>

</pre>

</td>

</tr>

<tr class="line_holder" id="" style="line-height: 1.6;">

<td class="diff-line-num old_line" data-linenumber="62" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

62

</td>

<td class="diff-line-num new_line" data-linenumber="62" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

62

</td>

<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">

<pre style="margin: 0;"> <span id="LC62" class="line" lang="shell"> <span class="nb" style="color: #0086b3;">sort</span> <span class="nt" style="color: #000080;">-u</span> <span class="o" style="font-weight: 600;">></span> <span class="nv" style="color: #008080;">$vendor</span>.list</span>

</pre>

</td>

</tr>

<tr class="line_holder" id="" style="line-height: 1.6;">

<td class="diff-line-num old_line" data-linenumber="63" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

63

</td>

<td class="diff-line-num new_line" data-linenumber="63" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

63

</td>

<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">

<pre style="margin: 0;"> <span id="LC63" class="line" lang="shell">    check_list <span class="nv" style="color: #008080;">$vendor</span>.list</span>

</pre>

</td>

</tr>

<tr class="line_holder" id="" style="line-height: 1.6;">

<td class="diff-line-num old_line" data-linenumber="64" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

64

</td>

<td class="diff-line-num new_line" data-linenumber="64" style="width: 35px; color: rgba(0,0,0,0.3); border-right-width: 1px; border-right-color: #f0f0f0; border-right-style: solid; padding: 0 5px;" align="right" bgcolor="#fafafa">

64

</td>

<td class="line_content" style="padding-left: 0.5em; padding-right: 0.5em;">

<pre style="margin: 0;"> <span id="LC64" class="line" lang="shell"><span class="k" style="font-weight: 600;">done</span></span></pre>

</td>

</tr>

</table>

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #666;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f9dec6868eb4f57b8680eee104023d18c0e2d19f...27d2545af68101c3c75b8835e61abb1bd754c246">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

</p>

</div>

</body>

</html>