[Secure-testing-commits] r3122 - lib/python
Florian Weimer
fw at costa.debian.org
Thu Dec 22 10:19:07 UTC 2005
Author: fw
Date: 2005-12-22 10:19:06 +0000 (Thu, 22 Dec 2005)
New Revision: 3122
Modified:
lib/python/security_db.py
Log:
lib/python/security_db.py (DB.calculateDebsecan):
Check that a fixed package is actually available in sid, and do not
trust the list files.
Modified: lib/python/security_db.py
===================================================================
--- lib/python/security_db.py 2005-12-22 09:21:30 UTC (rev 3121)
+++ lib/python/security_db.py 2005-12-22 10:19:06 UTC (rev 3122)
@@ -1251,6 +1251,8 @@
c.execute("""INSERT OR REPLACE INTO vulnlist
SELECT bug_name, package, id FROM package_notes
WHERE release = ?""", (release,))
+ else:
+ release = 'sid'
c.execute("""DELETE FROM vulnlist WHERE name LIKE 'FAKE-0000000-%'""")
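Review bot: Overwriting `release` with `'sid'` in the new `else:` branch means the rest of the function can no longer tell "no release requested" apart from an explicit `'sid'`. The commit removes the two tests visible in the later hunks, but any other `if release:` check outside the shown lines would now always be true and should be confirmed. A one-line comment on the branch would record the intent, e.g. `# No release given: fall back to unstable ('sid') for the package lookups and the debsecan_data key.` The `if` that this `else:` belongs to lies above the hunk.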
@@ -1286,38 +1288,34 @@
# release.
fix_available = ' '
- if release:
- fix_available = ' '
- if kind == 'source':
- fix_available_sql = """SELECT st.vulnerable
- FROM source_packages AS p, source_package_status AS st
- WHERE p.name = ?
- AND p.release = ?
- AND p.subrelease IN ('', 'security')
- AND st.bug_name = ?
- AND st.package = p.rowid
- ORDER BY p.version COLLATE version DESC"""
- elif kind == 'binary':
- fix_available_sql = """SELECT st.vulnerable
- FROM binary_packages AS p, binary_package_status AS st
- WHERE p.name = ?
- AND p.release = ?
- AND p.subrelease IN ('', 'security')
- AND st.bug_name = ?
- AND st.package = p.rowid
- ORDER BY p.version COLLATE version DESC"""
- else:
- fix_available_sql = ''
+ if kind == 'source':
+ fix_available_sql = """SELECT st.vulnerable
+ FROM source_packages AS p, source_package_status AS st
+ WHERE p.name = ?
+ AND p.release = ?
+ AND p.subrelease IN ('', 'security')
+ AND st.bug_name = ?
+ AND st.package = p.rowid
+ ORDER BY p.version COLLATE version DESC"""
+ elif kind == 'binary':
+ fix_available_sql = """SELECT st.vulnerable
+ FROM binary_packages AS p, binary_package_status AS st
+ WHERE p.name = ?
+ AND p.release = ?
+ AND p.subrelease IN ('', 'security')
+ AND st.bug_name = ?
+ AND st.package = p.rowid
+ ORDER BY p.version COLLATE version DESC"""
+ else:
+ fix_available_sql = ''
- if fix_available_sql:
- for (v,) in c.execute(fix_available_sql,
- (package, release, name)):
- assert v is not None
- if not v:
- fix_available = 'F'
- break
- elif fixed_version <> '':
- fix_available = 'F'
+ if fix_available_sql:
+ for (v,) in c.execute(fix_available_sql,
+ (package, release, name)):
+ assert v is not None
+ if not v:
+ fix_available = 'F'
+ break
if kind == 'source':
kind = 'S'
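Review bot: The `assert v is not None` in the `for (v,) in c.execute(fix_available_sql, ...)` loop is the only guard against a NULL `vulnerable` value, and asserts are stripped when Python runs with `-O`. A NULL would then satisfy `if not v` and mark the entry `'F'`, so the generated data would claim a fix is available when the status is really unknown. An explicit check fails closed instead: `if v is None: raise ValueError("NULL vulnerable status for %s/%s" % (package, name))`. Whether the column can actually be NULL is not visible here, so confirm against the schema. The enclosing loop and function start and end outside this hunk.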
@@ -1340,8 +1338,6 @@
package, fixed_version, description))
result = base64.encodestring(zlib.compress(''.join(result), 9))
- if not release:
- release = 'sid'
c.execute(
"INSERT OR REPLACE INTO debsecan_data (name, data) VALUES (?, ?)",
('release/' + release, result))