<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en" style='--code-editor-font: var(--default-mono-font, "GitLab Mono"), JetBrains Mono, Menlo, DejaVu Sans Mono, Liberation Mono, Consolas, Ubuntu Mono, Courier New, andale mono, lucida console, monospace;'>

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style data-premailer="ignore" type="text/css">

a { color: #1068bf; }

</style>

<style>img {

max-width: 100%; height: auto;

}

body {

font-size: .875rem;

}

body {

-webkit-text-shadow: rgba(255,255,255,.01) 0 0 1px;

}

body {

font-family: "GitLab Sans",-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"; font-size: inherit;

}

</style>

</head>

<body style='font-size: inherit; -webkit-text-shadow: rgba(255,255,255,.01) 0 0 1px; font-family: "GitLab Sans",-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";'>

<div class="content">

<h3 style="margin-top: 20px; margin-bottom: 10px;">

Salvatore Bonaccorso pushed to branch master at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4 style="margin-top: 10px; margin-bottom: 10px;">

Commits:

</h4>

<ul>

<li>

<strong style="font-weight: 600;"><a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b308fdebf5fbd10fb9e01caa628d3d26559b5b5">5b308fde</a></strong>

<div>

<span> by Salvatore Bonaccorso </span> <i> at 2025-03-04T07:55:15+01:00 </i>

</div>

<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>check-new-issues: Check if product key for specific CVE cna container is defined

There seem to be CVE entries where the cna container when listing the

affected product does not contain an actual 'product' assigned. Check

for this case to avoid an error:

        Traceback (most recent call last):

          File "/home/carnil/src/security-tracker/security-tracker/./bin/check-new-issues", line 503, in <module>

            if nfu_entry := auto_nfu(todo, nfu_entries):

                            ~~~~~~~~^^^^^^^^^^^^^^^^^^^

          File "/home/carnil/src/security-tracker/security-tracker/./bin/check-new-issues", line 228, in auto_nfu

            if nfu_entry_matches(nfu_entry, cve5):

               ~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^

          File "/home/carnil/src/security-tracker/security-tracker/./bin/check-new-issues", line 210, in nfu_entry_matches

            products = [ affected['product'] for affected in cve5['containers']['cna']['affected'] ]

                         ~~~~~~~~^^^^^^^^^^^

        KeyError: 'product'

Suggested-by: Sebastien Delafond <seb@debian.org>

Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>

</pre>

</li>

</ul>

<h4 style="margin-top: 10px; margin-bottom: 10px;">

1 changed file:

</h4>

<ul>

<li class="file-stats">

<a href="#102ba054ef321dcfaf13db49173fc3255d0b62d1">

bin/check-new-issues

</a>

</li>

</ul>

<h4 style="margin-top: 10px; margin-bottom: 10px;">

Changes:

</h4>

<li id="102ba054ef321dcfaf13db49173fc3255d0b62d1">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b308fdebf5fbd10fb9e01caa628d3d26559b5b5#102ba054ef321dcfaf13db49173fc3255d0b62d1"><strong style="font-weight: 600;">bin/check-new-issues</strong></a>

<hr style="overflow: hidden; border: 1px solid #dcdcde;">

<table class="code white" style="border-spacing: 0; border-collapse: collapse; width: auto; font-family: monospace; font-size: 90%;" bgcolor="#ffffff" width="100%" cellpadding="0" cellspacing="0">

<tr class="line_holder match" style="line-height: 1.6;">

<td class="diff-line-num unfold js-unfold old_line" data-linenumber="207" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">...</td>

<td class="diff-line-num unfold js-unfold new_line" data-linenumber="207" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">...</td>

<td class="line_content match" style="color: rgba(5,5,6,.24); padding: inherit;" bgcolor="#fbfafd">@@ -207,7 +207,7 @@ def nfu_entry_matches(nfu_entry, cve5):</td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="207" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

207

</td>

<td class="new_line diff-line-num" data-linenumber="207" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

207

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC207" class="line" lang="python">    <span class="k" style="font-weight: 600;">if</span> <span class="sh" style="color: #dd1144;">'</span><span class="s" style="color: #dd1144;">cna</span><span class="sh" style="color: #dd1144;">'</span> <span class="ow" style="font-weight: 600;">in</span> <span class="n" style="color: #333333;">nfu_entry</span> <span class="ow" style="font-weight: 600;">and</span> <span class="n" style="color: #333333;">nfu_entry</span><span class="p">[</span><span class="sh" style="color: #dd1144;">'</span><span class="s" style="color: #dd1144;">cna</span><span class="sh" style="color: #dd1144;">'</span><span class="p">]</span> <span class="o" style="font-weight: 600;">==</span> <span class="n" style="color: #333333;">cna_name</span><span class="p">:</span></span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="208" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

208

</td>

<td class="new_line diff-line-num" data-linenumber="208" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

208

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC208" class="line" lang="python">        <span class="k" style="font-weight: 600;">return</span> <span class="bp" style="color: #999999;">True</span></span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="209" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

209

</td>

<td class="new_line diff-line-num" data-linenumber="209" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

209

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC209" class="line" lang="python"></span>

</pre></td>

</tr>

<tr class="line_holder old" style="line-height: 1.6;">

<td class="old_line diff-line-num old" data-linenumber="210" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

210

</td>

<td class="new_line diff-line-num old" data-linenumber="210" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #fac5cd; border-right-style: solid; padding: inherit;" align="right" bgcolor="#f9d7dc">

</td>

<td class="line_content old" style="padding: inherit;" bgcolor="#fbe9eb"><pre style='display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'>-<span id="LC210" class="line" lang="python">    <span class="n" style="color: #333333;">products</span> <span class="o" style="font-weight: 600;">=</span> <span class="p">[</span> <span class="n" style="color: #333333;">affected</span><span class="p">[</span><span class="sh" style="color: #dd1144;">'</span><span class="s" style="color: #dd1144;">product</span><span class="sh" style="color: #dd1144;">'</span><span class="p">]</span> <span class="k" style="font-weight: 600;">for</span> <span class="n" style="color: #333333;">affected</span> <span class="ow" style="font-weight: 600;">in</span> <span class="n" style="color: #333333;">cve5</span><span class="p">[</span><span class="sh" style="color: #dd1144;">'</span><span class="s" style="color: #dd1144;">containers</span><span class="sh" style="color: #dd1144;">'</span><span class="p">][</span><span class="sh" style="color: #dd1144;">'</span><span class="s" style="color: #dd1144;">cna</span><span class="sh" style="color: #dd1144;">'</span><span class="p">][</span><span class="sh" style="color: #dd1144;">'</span><span class="s" style="color: #dd1144;">affected</span><span class="sh" style="color: #dd1144;">'</span><span class="p">]</span> <span class="p">]</span></span>

</pre></td>

</tr>

<tr class="line_holder new" style="line-height: 1.6;">

<td class="old_line diff-line-num new" data-linenumber="211" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: inherit;" align="right" bgcolor="#ddfbe6">

</td>

<td class="new_line diff-line-num new" data-linenumber="210" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: inherit;" align="right" bgcolor="#ddfbe6">

210

</td>

<td class="line_content new" style="padding: inherit;" bgcolor="#ecfdf0"><pre style='display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'>+<span id="LC210" class="line" lang="python">    <span class="n" style="color: #333333;">products</span> <span class="o" style="font-weight: 600;">=</span> <span class="p">[</span> <span class="n" style="color: #333333;">affected</span><span class="p">[</span><span class="sh" style="color: #dd1144;">'</span><span class="s" style="color: #dd1144;">product</span><span class="sh" style="color: #dd1144;">'</span><span class="p">]</span> <span class="k" style="font-weight: 600;">for</span> <span class="n" style="color: #333333;">affected</span> <span class="ow" style="font-weight: 600;">in</span> <span class="n" style="color: #333333;">cve5</span><span class="p">[</span><span class="sh" style="color: #dd1144;">'</span><span class="s" style="color: #dd1144;">containers</span><span class="sh" style="color: #dd1144;">'</span><span class="p">][</span><span class="sh" style="color: #dd1144;">'</span><span class="s" style="color: #dd1144;">cna</span><span class="sh" style="color: #dd1144;">'</span><span class="p">][</span><span class="sh" style="color: #dd1144;">'</span><span class="s" style="color: #dd1144;">affected</span><span class="sh" style="color: #dd1144;">'</span><span class="p">]</span> <span class="k" style="font-weight: 600;"><span class="idiff left addition" style="background-color: #c7f0d2;">if</span></span><span class="idiff addition" style="background-color: #c7f0d2;"> </span><span class="sh" style="color: #dd1144;"><span class="idiff addition" style="background-color: #c7f0d2;">'</span></span><span class="s" style="color: #dd1144;"><span class="idiff addition" style="background-color: #c7f0d2;">product</span></span><span class="sh" style="color: #dd1144;"><span class="idiff addition" style="background-color: #c7f0d2;">'</span></span><span class="idiff addition" style="background-color: #c7f0d2;"> </span><span class="ow" style="font-weight: 600;"><span class="idiff addition" style="background-color: #c7f0d2;">in</span></span><span class="idiff addition" style="background-color: #c7f0d2;"> </span><span class="n" style="color: #333333;"><span class="idiff addition" style="background-color: #c7f0d2;">affected</span></span><span class="idiff right addition" style="background-color: #c7f0d2;"> </span><span class="p">]</span></span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="211" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

211

</td>

<td class="new_line diff-line-num" data-linenumber="211" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

211

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC211" class="line" lang="python">    <span class="c1" style="color: #999988; font-style: italic;"># only mark it if there's a single product, in case the CVE affects various</span></span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="212" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

212

</td>

<td class="new_line diff-line-num" data-linenumber="212" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

212

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC212" class="line" lang="python">    <span class="c1" style="color: #999988; font-style: italic;"># projects and one of the others applies to us</span></span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="213" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

213

</td>

<td class="new_line diff-line-num" data-linenumber="213" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

213

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span id="LC213" class="line" lang="python">    <span class="k" style="font-weight: 600;">if</span> <span class="sh" style="color: #dd1144;">'</span><span class="s" style="color: #dd1144;">product</span><span class="sh" style="color: #dd1144;">'</span> <span class="ow" style="font-weight: 600;">in</span> <span class="n" style="color: #333333;">nfu_entry</span> <span class="ow" style="font-weight: 600;">and</span> <span class="nf" style="color: #990000; font-weight: 600;">len</span><span class="p">(</span><span class="n" style="color: #333333;">products</span><span class="p">)</span> <span class="o" style="font-weight: 600;">==</span> <span class="mi" style="color: #009999;">1</span> <span class="ow" style="font-weight: 600;">and</span> <span class="n" style="color: #333333;">nfu_entry</span><span class="p">[</span><span class="sh" style="color: #dd1144;">'</span><span class="s" style="color: #dd1144;">product</span><span class="sh" style="color: #dd1144;">'</span><span class="p">]</span> <span class="ow" style="font-weight: 600;">in</span> <span class="n" style="color: #333333;">products</span><span class="p">:</span></span>

</pre></td>

</tr>

</table>

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #626168;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b308fdebf5fbd10fb9e01caa628d3d26559b5b5">View it on GitLab</a>.

<br>

You're receiving this email because of your account on <a target="_blank" rel="noopener noreferrer" href="https://salsa.debian.org">salsa.debian.org</a>. <a href="https://salsa.debian.org/-/profile/notifications" target="_blank" rel="noopener noreferrer" class="mng-notif-link">Manage all notifications</a> · <a href="https://salsa.debian.org/help" target="_blank" rel="noopener noreferrer" class="help-link">Help</a>

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b308fdebf5fbd10fb9e01caa628d3d26559b5b5"}}</script>

</p>

</div>

</body>

</html>