[Secure-testing-commits] r3132 - lib/python

[Florian Weimer]

Author: fw
Date: 2005-12-23 15:22:49 +0000 (Fri, 23 Dec 2005)
New Revision: 3132

Modified:
   lib/python/security_db.py
Log:
lib/python/security_db.py (DB.calculateDebsecan1):
  Optimize vulnerability list.  Further tweaks to urgency handling:
  'unimportant' does not trump 'unknown'.


Modified: lib/python/security_db.py
===================================================================
--- lib/python/security_db.py	2005-12-23 14:10:50 UTC (rev 3131)
+++ lib/python/security_db.py	2005-12-23 15:22:49 UTC (rev 3132)
@@ -1364,9 +1364,10 @@
                  WHERE cve_name = p.bug_name)
                 FROM package_notes AS p, bugs AS b
                 WHERE p.urgency <> 'unimportant'
+                AND COALESCE(p.fixed_version, '') <> '0'
                 AND name NOT LIKE 'FAKE-0000000-%'
+                AND p.package_kind IN ('source', 'binary', 'unknown')
                 AND b.name = p.bug_name
-                AND p.package_kind IN ('source', 'binary', 'unknown')
                 ORDER BY p.bug_name"""):
                 if remote is None:
                     remote = '?'
@@ -1406,7 +1407,7 @@
                 ORDER BY package, bug_name""")):
 
                 unstable_fixed = '0'
-                total_urgency = 'unknown'
+                total_urgency = ''
                 other_versions = {}
                 is_binary = False
                 is_unknown = False
@@ -1415,12 +1416,14 @@
                     """SELECT release, package_kind, urgency, fixed_version
                     FROM package_notes WHERE bug_name = ? AND package = ?""",
                     (bug, package))):
-                    if total_urgency <> 'unknown':
+                    if not total_urgency:
+                        total_urgency = urgency
+                    elif total_urgency <> 'unknown':
                         if urgency <> 'unknown' \
                                and bugs.internUrgency(urgency) \
                                > bugs.internUrgency(total_urgency):
                             total_urgency = urgency
-                    else:
+                    elif total_urgency <> 'unimportant':
                         total_urgency = urgency
 
                     if kind == 'binary':
@@ -1464,6 +1467,9 @@
                             if debian_support.Version(v) > v_ref:
                                 other_versions[v] = True
 
+                if not total_urgency:
+                    total_urgency = 'unknown'
+
                 # Check if the issue does not actually mark any packages
                 # as vulnerable.
                 if total_urgency == 'unimportant' \