<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en" style='--code-editor-font: var(--default-mono-font, "Menlo"), DejaVu Sans Mono, Liberation Mono, Consolas, Ubuntu Mono, Courier New, andale mono, lucida console, monospace;'>

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style data-premailer="ignore" type="text/css">

a { color: #1068bf; }

</style>

<style>img {

max-width: 100%; height: auto;

}

body {

font-size: 0.875rem;

}

body {

-webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px;

}

body {

font-family: var(--default-regular-font, -apple-system),BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"; font-size: inherit;

}

</style>

</head>

<body style='font-size: inherit; -webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px; font-family: var(--default-regular-font, -apple-system),BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";'>

<div class="content">

<h3 style="margin-top: 20px; margin-bottom: 10px;">

Salvatore Bonaccorso pushed to branch master at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4 style="margin-top: 10px; margin-bottom: 10px;">

Commits:

</h4>

<ul>

<li>

<strong style="font-weight: bold;"><a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fb7fd7672d868a738423e0b8ca96324354d2406">0fb7fd76</a></strong>

<div>

<span> by Salvatore Bonaccorso </span> <i> at 2023-08-02T07:24:40+02:00 </i>

</div>

<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 0.875rem; color: #333238; position: relative; font-family: var(--default-mono-font, "Menlo"),"DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Revert "bugs.py: Hint towards a typo issue on check"

This reverts commit 63a9aa4515f4335203346034dcf842b067ab0fcc.

Samuel Henrique reported on IRC to get a message "release note must

follow its package note" when trying to commit

        diff --git c/data/CVE/list i/data/CVE/list

        index 5f829a4c..a3741dd6 100644

        --- c/data/CVE/list

        +++ i/data/CVE/list

        @@ -92086,10 +92086,12 @@ CVE-2022-28702 (Incorrect Default Permissions vulnerability in ABB e-Design allo

         CVE-2022-1615 (In Samba, GnuTLS gnutls_rnd() can fail and give predictable random val ...)

          [experimental] - samba 2:4.17.0+dfsg-1

          - samba 2:4.16.5+dfsg-2 (bug #1021024)

        + [buster] - sambda <not-affected> (Vulnerable code introduced later)

          [bullseye] - samba <postponed> (Minor issue)

          NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15103

          NOTE: https://gitlab.com/samba-team/samba/-/merge_requests/2644

        - NOTE: https://gitlab.com/samba-team/samba/-/commit/9849e7440e30853c61a80ce1f11b7b244ed766fe (samba-4.17.0rc1)

        + NOTE: Introduced by: https://gitlab.com/samba-team/samba/-/commit/664eed2e926f8f572b81e6d7c8e09b7ccbafb908 (samba-4.12.0)

        + NOTE: Fixed by: https://gitlab.com/samba-team/samba/-/commit/9849e7440e30853c61a80ce1f11b7b244ed766fe (samba-4.17.0rc1)

         CVE-2022-1614 (The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visi ...)

          NOT-FOR-US: WordPress plugin

         CVE-2022-1613 (The Restricted Site Access WordPress plugin before 7.3.2 prioritizes g ...)

In this case the error comes because of the release "[buster] - sambda

..." does not follow a package note "- sambda ...", which hints this

time to a possible typo in the source package name. If the source

package name would have been correct, the syntax check would have

indicated the wrong order next.

But this is not generally only a hint to a typo. Samewise the message

would come if two source package enties are covered and a release note

is put before the actual package note, e.g.

        - linux ...

        [buster] - amd64-microcode ...

        - amd64-microcode

Revert the change as the hint is given to check if something is wrong

adding the release note. It *might* be a typo in the source package

note, but it might be as well a release note which is missplaced but

valid.

That said, this hints at that the notation of 'package note' and

'release note' is not sufficiently well explained and might need some

clarification in the message from the syntax check or documentation.

</pre>

</li>

</ul>

<h4 style="margin-top: 10px; margin-bottom: 10px;">

1 changed file:

</h4>

<ul>

<li class="file-stats">

<a href="#9ce7a52cd2b3c604cb55b72c36423d4a2139478a">

lib/python/bugs.py

</a>

</li>

</ul>

<h4 style="margin-top: 10px; margin-bottom: 10px;">

Changes:

</h4>

<li id="9ce7a52cd2b3c604cb55b72c36423d4a2139478a">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fb7fd7672d868a738423e0b8ca96324354d2406#9ce7a52cd2b3c604cb55b72c36423d4a2139478a"><strong style="font-weight: bold;">lib/python/bugs.py</strong></a>

<hr style="overflow: hidden; border: 1px solid #e1e1e1;">

<table class="code white" style="border-spacing: 0; border-collapse: collapse; width: auto; font-family: monospace; font-size: 90%;" bgcolor="#fff" width="100%" cellpadding="0" cellspacing="0">

<tr class="line_holder match" style="line-height: 1.6;">

<td class="diff-line-num unfold js-unfold old_line" data-linenumber="754" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">...</td>

<td class="diff-line-num unfold js-unfold new_line" data-linenumber="754" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">...</td>

<td class="line_content match" style="color: rgba(31,30,36,0.24); padding: inherit;" bgcolor="#fbfafd">@@ -754,9 +754,7 @@ class FileBase(debian_support.PackageFile):</td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="754" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

754

</td>

<td class="new_line diff-line-num" data-linenumber="754" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

754

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 0.875rem; color: #333238; position: relative; font-family: var(--default-mono-font, "Menlo"),"DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC754" class="line" lang="python"><span class="s" style="color: #d14;">                #self.raiseSyntaxError("</span><span class="n" style="color: #333;">experimental</span> <span class="n" style="color: #333;">release</span> <span class="n" style="color: #333;">note</span> <span class="n" style="color: #333;">must</span> <span class="n" style="color: #333;">come</span> <span class="n" style="color: #333;">before</span> <span class="n" style="color: #333;">the</span> <span class="n" style="color: #333;">package</span> <span class="n" style="color: #333;">note</span><span class="s" style="color: #d14;">")</span></span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="755" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

755

</td>

<td class="new_line diff-line-num" data-linenumber="755" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

755

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 0.875rem; color: #333238; position: relative; font-family: var(--default-mono-font, "Menlo"),"DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC755" class="line" lang="python"><span class="s" style="color: #d14;">                pass</span></span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="756" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

756

</td>

<td class="new_line diff-line-num" data-linenumber="756" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

756

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 0.875rem; color: #333238; position: relative; font-family: var(--default-mono-font, "Menlo"),"DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC756" class="line" lang="python"><span class="s" style="color: #d14;">            elif note.release and note.release != debian_support.internRelease('experimental'):</span></span>

</pre></td>

</tr>

<tr class="line_holder old" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="757" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

757

</td>

<td class="new_line diff-line-num old" data-linenumber="757" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding: inherit;" bgcolor="#fbe9eb"><pre style='display: block; font-size: 0.875rem; color: #333238; position: relative; font-family: var(--default-mono-font, "Menlo"),"DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'>-<span id="LC757" class="line" lang="python"><span class="s" style="color: #d14;">                self.raiseSyntaxError(</span></span>

</pre></td>

</tr>

<tr class="line_holder old" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="758" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

758

</td>

<td class="new_line diff-line-num old" data-linenumber="757" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding: inherit;" bgcolor="#fbe9eb"><pre style='display: block; font-size: 0.875rem; color: #333238; position: relative; font-family: var(--default-mono-font, "Menlo"),"DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'>-<span id="LC758" class="line" lang="python"><span class="s" style="color: #d14;">                        "</span><span class="n" style="color: #333;">release</span> <span class="n" style="color: #333;">note</span> <span class="n" style="color: #333;">must</span> <span class="n" style="color: #333;">follow</span> <span class="n" style="color: #333;">its</span> <span class="n" style="color: #333;">package</span> <span class="nf" style="color: #900; font-weight: 600;">note </span><span class="p">(</span><span class="n" style="color: #333;">typo</span> <span class="ow" style="font-weight: 600;">in</span> <span class="n" style="color: #333;">package</span> <span class="n" style="color: #333;">name</span><span class="err" style="color: #a61717; background-color: #e3d2d2;">?</span><span class="p">)</span><span class="s" style="color: #d14;">",</span></span>

</pre></td>

</tr>

<tr class="line_holder old" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="759" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

759

</td>

<td class="new_line diff-line-num old" data-linenumber="757" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding: inherit;" bgcolor="#fbe9eb"><pre style='display: block; font-size: 0.875rem; color: #333238; position: relative; font-family: var(--default-mono-font, "Menlo"),"DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'>-<span id="LC759" class="line" lang="python"><span class="s" style="color: #d14;">                        lineno)</span></span>

</pre></td>

</tr>

<tr class="line_holder new" style="line-height: 1.6;">

<td class="old_line diff-line-num new" data-linenumber="760" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: inherit;" align="right" bgcolor="#ddfbe6">

</td>

<td class="new_line diff-line-num new" data-linenumber="757" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: inherit;" align="right" bgcolor="#ddfbe6">

757

</td>

<td class="line_content new" style="padding: inherit;" bgcolor="#ecfdf0"><pre style='display: block; font-size: 0.875rem; color: #333238; position: relative; font-family: var(--default-mono-font, "Menlo"),"DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'>+<span id="LC757" class="line" lang="python"><span class="s" style="color: #d14;">                self.raiseSyntaxError("</span><span class="n" style="color: #333;">release</span> <span class="n" style="color: #333;">note</span> <span class="n" style="color: #333;">must</span> <span class="n" style="color: #333;">follow</span> <span class="n" style="color: #333;">its</span> <span class="n" style="color: #333;">package</span> <span class="n" style="color: #333;">note</span><span class="s" style="color: #d14;">", lineno)</span></span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="760" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

760

</td>

<td class="new_line diff-line-num" data-linenumber="758" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

758

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 0.875rem; color: #333238; position: relative; font-family: var(--default-mono-font, "Menlo"),"DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC758" class="line" lang="python"><span class="s" style="color: #d14;">        else:</span></span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="761" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

761

</td>

<td class="new_line diff-line-num" data-linenumber="759" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

759

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 0.875rem; color: #333238; position: relative; font-family: var(--default-mono-font, "Menlo"),"DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC759" class="line" lang="python"><span class="s" style="color: #d14;">            if prev_note.release and note.release and prev_note.release < note.release:</span></span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="762" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

762

</td>

<td class="new_line diff-line-num" data-linenumber="760" style="width: 35px; color: rgba(31,30,36,0.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

760

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 0.875rem; color: #333238; position: relative; font-family: var(--default-mono-font, "Menlo"),"DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC760" class="line" lang="python"><span class="s" style="color: #d14;">                self.raiseSyntaxError("</span><span class="n" style="color: #333;">release</span> <span class="n" style="color: #333;">notes</span> <span class="ow" style="font-weight: 600;">not</span> <span class="n" style="color: #333;">ordered</span> <span class="n" style="color: #333;">properly</span><span class="s" style="color: #d14;">", lineno)</span></span>

</pre></td>

</tr>

</table>

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #737278;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fb7fd7672d868a738423e0b8ca96324354d2406">View it on GitLab</a>.

<br>

You're receiving this email because of your account on <a target="_blank" rel="noopener noreferrer" href="https://salsa.debian.org">salsa.debian.org</a>. <a href="https://salsa.debian.org/-/profile/notifications" target="_blank" rel="noopener noreferrer" class="mng-notif-link">Manage all notifications</a> · <a href="https://salsa.debian.org/help" target="_blank" rel="noopener noreferrer" class="help-link">Help</a>

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fb7fd7672d868a738423e0b8ca96324354d2406"}}</script>

</p>

</div>

</body>

</html>