[Secure-testing-commits] r3145 - lib/python
Florian Weimer
fw at costa.debian.org
Fri Dec 23 22:35:50 UTC 2005
Author: fw
Date: 2005-12-23 22:35:45 +0000 (Fri, 23 Dec 2005)
New Revision: 3145
Modified:
lib/python/security_db.py
Log:
lib/python/security_db.py (DB.calculateDebsecan1):
Existence of a release-specific fix means that sid was vulnerable at
some point (this is central to our tracking model).
Modified: lib/python/security_db.py
===================================================================
--- lib/python/security_db.py 2005-12-23 22:24:50 UTC (rev 3144)
+++ lib/python/security_db.py 2005-12-23 22:35:45 UTC (rev 3145)
@@ -1406,7 +1406,16 @@
GROUP BY package, bug_name
ORDER BY package, bug_name""")):
- unstable_fixed = '0'
+ # By default, unstable is unfixed even if there are
+ # only release-specific annotations available. This
+ # is slightly at odds with the web front end (see
+ # data/latently-vulnerable) which does not normally
+ # report unstable versions as vulnerable in this case.
+ # However, in our tracking model, the main branch
+ # (sid) cannot be non-vulnerable, while the
+ # release-specific branches are.
+ unstable_fixed = ''
+
total_urgency = ''
other_versions = {}
is_binary = False
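Review bot: `unstable_fixed` now carries three sentinel values in the visible lines (`''` as the new default here, `'0'` in the skip test of the second hunk, and `None` in the check right after that test), and the added comment explains only the default. A one-line legend above the assignment would help, for example `# unstable_fixed: '' = no fix recorded for sid (reported as vulnerable); '0' = issue marks nothing as vulnerable; None = <meaning to be filled in by the author>`. The last sentence of the comment is also hard to parse; the log message's wording, `# A release-specific fix implies that sid was vulnerable at some point.`, states the rule more directly. The enclosing loop starts and ends outside this hunk, so where each value is assigned cannot be confirmed from here.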
@@ -1472,10 +1481,11 @@
if not total_urgency:
total_urgency = 'unknown'
- # Check if the issue does not actually mark any packages
- # as vulnerable.
- if total_urgency == 'unimportant' \
- or (unstable_fixed == '0' and len(other_versions) == 0):
+ # Check if the issue does not actually mark any
+ # packages as vulnerable. (If unstable_fixed == '0',
+ # release-specific annotations cannot create
+ # vulnerabilities, either.)
+ if total_urgency == 'unimportant' or unstable_fixed == '0':
continue
if unstable_fixed is None:
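Review bot: The simplified test `unstable_fixed == '0'` now silently skips entries that the old condition kept, namely those with `unstable_fixed == '0'` and a non-empty `other_versions`. If the tracking data ever pairs a not-vulnerable marker for sid with a release-specific fixed version, the issue would drop out of the generated debsecan data and a scanner on that release would under-report. This is an inference, because the code that assigns `'0'` and fills `other_versions` is outside this hunk. Since the new comment says this combination cannot create a vulnerability, it would be safer to surface it than to hide it: before the `continue`, test `if unstable_fixed == '0' and other_versions:` and emit a warning naming the package and bug, so the inconsistent annotation gets corrected at the source.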