[Secure-testing-commits] r5632 - data/DTSA lib/python

Florian Weimer fw at alioth.debian.org
Fri Apr 6 10:36:58 UTC 2007 

Author: fw
Date: 2007-04-06 10:36:58 +0000 (Fri, 06 Apr 2007)
New Revision: 5632

Modified:
   data/DTSA/list
   lib/python/bugs.py
Log:
After the release of etch, the DTSA file will contain historic
entries for etch, and new ones for lenny.  Our previous automatic
tagging of all entries as etch does not work anymore.  Hence,
we make the release indicator explicit.

* lib/python/bugs.py (DTSAFile.finishBug):
  Verify that a release has been specified.  No longer default to
  "etch".

* data/DTSA/list
  Mark all entries as etch.


Modified: data/DTSA/list
===================================================================
--- data/DTSA/list	2007-04-06 01:09:26 UTC (rev 5631)
+++ data/DTSA/list	2007-04-06 10:36:58 UTC (rev 5632)
@@ -1,94 +1,94 @@
 [August 26th, 2005] DTSA-1-1 kismet - various
 	{CVE-2005-2626 CVE-2005-2627 }
-	- kismet 2005.08.R1-0.1etch1 (high)
+	[etch] - kismet 2005.08.R1-0.1etch1 (high)
 [August 28th, 2005] DTSA-2-1 centericq - multiple vulnerabilities
 	{CVE-2005-2448 CVE-2005-2370 CVE-2005-2369 CVE-2005-1914 }
-	- centericq 4.20.0-8etch1 (medium)
+	[etch] - centericq 4.20.0-8etch1 (medium)
 [August 28th, 2005] DTSA-3-1 clamav - denial of service and privilege escalation
 	{CVE-2005-2070 CVE-2005-1923 CVE-2005-2056 CVE-2005-1922 CVE-2005-2450 }
-	- clamav 0.86.2-4etch1 (high)
+	[etch] - clamav 0.86.2-4etch1 (high)
 [August 28th, 2005] DTSA-4-1 ekg - multiple vulnerabilities
 	{CVE-2005-1916 CVE-2005-1851 CVE-2005-1850 CVE-2005-1852 CVE-2005-2448 }
-	- ekg 1:1.5+20050808+1.6rc3-0etch1 (high)
+	[etch] - ekg 1:1.5+20050808+1.6rc3-0etch1 (high)
 [August 28th, 2005] DTSA-5-1 gaim - multiple remote vulnerabilities
 	{CVE-2005-2102 CVE-2005-2370 CVE-2005-2103 }
-	- gaim 1:1.4.0-5etch2 (high)
+	[etch] - gaim 1:1.4.0-5etch2 (high)
 [August 28th, 2005] DTSA-6-1 cgiwrap - multiple vulnerabilities
 	{CVE-2005-3254 CVE-2005-3255}
-	- cgiwrap 3.9-3.0etch1 (medium)
+	[etch] - cgiwrap 3.9-3.0etch1 (medium)
 [August 28th, 2005] DTSA-7-1 mozilla - frame injection spoofing
 	{CVE-2004-0718 CVE-2005-1937 }
-	- mozilla 2:1.7.8-1sarge1 (medium)
+	[etch] - mozilla 2:1.7.8-1sarge1 (medium)
 [September 1st, 2005] DTSA-8-2 mozilla-firefox - several vulnerabilities (update)
 	{CVE-2004-0718 CVE-2005-1937 CVE-2005-2260 CVE-2005-2261 CVE-2005-2262 CVE-2005-2263 CVE-2005-2264 CVE-2005-2265 CVE-2005-2266 CVE-2005-2267 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270 }
-	- mozilla-firefox 1.0.4-2sarge3 (medium)
+	[etch] - mozilla-firefox 1.0.4-2sarge3 (medium)
 [August 31st, 2005] DTSA-9-1 bluez-utils - bad device name escaping
 	{CVE-2005-2547 }
-	- bluez-utils 2.19-0.1etch1 (high)
+	[etch] - bluez-utils 2.19-0.1etch1 (high)
 [August 29th, 2005] DTSA-10-1 pcre3 - buffer overflow
 	{CVE-2005-2491 }
-	- pcre3 6.3-0.1etch1 (high)
+	[etch] - pcre3 6.3-0.1etch1 (high)
 [August 29th, 2005] DTSA-11-1 maildrop - local privilege escalation
 	{CVE-2005-2655 }
-	- maildrop 1.5.3-1.1etch1 (medium)
+	[etch] - maildrop 1.5.3-1.1etch1 (medium)
 [September 8th, 2005] DTSA-12-1 vim - modeline exploits
 	{CVE-2005-2368 }
-	- vim 1:6.3-085+0.0etch1 (medium)
+	[etch] - vim 1:6.3-085+0.0etch1 (medium)
 [September 8th, 2005] DTSA-13-1 evolution - format string vulnerabilities
 	{CVE-2005-2549 CVE-2005-2550 }
-	- evolution 2.2.3-2etch1 (high)
+	[etch] - evolution 2.2.3-2etch1 (high)
 [September 13th, 2005] DTSA-14-1 mozilla - several
 	{CVE-2004-0718 CVE-2005-1937 CVE-2005-2260 CVE-2005-2261 CVE-2005-2263 CVE-2005-2265 CVE-2005-2266 CVE-2005-2268 CVE-2005-2269 CVE-2005-2270 }
-	- mozilla 2:1.7.8-1sarge2
+	[etch] - mozilla 2:1.7.8-1sarge2
 [September 13th, 2005] DTSA-15-1 php4 - several vulnerabilities
 	{CVE-2005-1751 CVE-2005-1921 CVE-2005-2498 }
-	- php4 4:4.3.10-16etch1
+	[etch] - php4 4:4.3.10-16etch1
 [September 15th, 2005] DTSA-16-1 linux-2.6 - various
 	{CVE-2005-2098 CVE-2005-2099 CVE-2005-2456 CVE-2005-2617 CVE-2005-1913 CVE-2005-1761 CVE-2005-2457 CVE-2005-2458 CVE-2005-2459 CVE-2005-2548 CVE-2004-2302 CVE-2005-1765 CVE-2005-1762 CVE-2005-2555 }
 	NOTE: Just a pointer to a regular update in testing.
 [September 15th, 2005] DTSA-17-1 lm-sensors - insecure temporary file
 	{CVE-2005-2672 }
-	- lm-sensors 1:2.9.1-6etch1
+	[etch] - lm-sensors 1:2.9.1-6etch1
 [September 22nd, 2005] DTSA-19-1 clamav - buffer overflow and infinate loop problems
 	{CVE-2005-2919 CVE-2005-2920 }
-	- clamav 0.86.2-4etch2
+	[etch] - clamav 0.86.2-4etch2
 [October 13th, 2005] DTSA-20-1 mailutils - Format string vulnerability
 	{CVE-2005-2878 }
-	- mailutils 1:0.6.90-2.1etch1
+	[etch] - mailutils 1:0.6.90-2.1etch1
 [November 3rd, 2005] DTSA-21-1 clamav - Denial of service vulnerabilities and buffer overflow
 	{CVE-2005-3239 CVE-2005-3500 CVE-2005-3501 CVE-2005-3303 }
-	- clamav 0.87.1-0etch.1
+	[etch] - clamav 0.87.1-0etch.1
 [December 5th, 2005] DTSA-22-1 uim - local privilege escalation
 	{CVE-2005-3149 }
-	- uim 1:0.4.7-2.0etch1
+	[etch] - uim 1:0.4.7-2.0etch1
 [December 5th, 2005] DTSA-23-1 centericq - buffer overflow
 	{CVE-2005-3863 }
-	- centericq 4.21.0-6.0etch1
+	[etch] - centericq 4.21.0-6.0etch1
 [December 5th, 2005] DTSA-24-1 inkscape - buffer overflow
 	{CVE-2005-3737 }
-	- inkscape 0.43-0.0etch1
+	[etch] - inkscape 0.43-0.0etch1
 [December 5th, 2005] DTSA-25-1 smb4k - access validation error
 	{CVE-2005-2851 }
-	- smb4k 0.6.4-0.0etch1
+	[etch] - smb4k 0.6.4-0.0etch1
 [December 5th, 2005] DTSA-26-1 trackballs - symlink attack
-	- trackballs 1.1.1-0.0etch1
+	[etch] - trackballs 1.1.1-0.0etch1
 [January 20th, 2006] DTSA-27-1 fuse - potential data corruption when installed seduid root
 	{CVE-2005-3531 }
-	- fuse 2.3.0-4.2etch1
+	[etch] - fuse 2.3.0-4.2etch1
 [January 25th, 2005] DTSA-28-1 gpdf - multiple vulnerabilities
 	{CVE-2005-2097 CVE-2005-3193 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628 }
-	- gpdf 2.10.0-1+etch1
+	[etch] - gpdf 2.10.0-1+etch1
 [June 15th, 2006] DTSA-29-1 blender - heap-based buffer overflow
 	{CVE-2005-4470 }
-	- blender 2.37a-1.1etch1
+	[etch] - blender 2.37a-1.1etch1
 [September 27th, 2006] DTSA-31-1 hyperestraier - cross-site request forgery (CSRF) vulnerability
 	{CVE-2006-3671 }
-	- hyperestraier 1.0.6-1.1etch1
+	[etch] - hyperestraier 1.0.6-1.1etch1
 [February 1st, 2007] DTSA-32-1 bcfg2 - programming error
-	- bcfg2 0.8.6.1-1.1etch1
+	[etch] - bcfg2 0.8.6.1-1.1etch1
 [February 12th, 2007] DTSA-33-1 wordpress - multiple vulnerabilities
 	{CVE-2007-0262 CVE-2007-0539 CVE-2007-0541 }
-	- wordpress 2.0.8-1
+	[etch] - wordpress 2.0.8-1
 [March 3rd, 2007] DTSA-34-1 wordpress - cross-site scripting
 	{CVE-2007-1049 }
-	- wordpress 2.0.9-1
+	[etch] - wordpress 2.0.9-1

Modified: lib/python/bugs.py
===================================================================
--- lib/python/bugs.py	2007-04-06 01:09:26 UTC (rev 5631)
+++ lib/python/bugs.py	2007-04-06 10:36:58 UTC (rev 5632)
@@ -895,11 +895,10 @@
         # Convert all package notes to notes for etch (testing).
         testing = debian_support.internRelease("etch")
         for n in bug.notes:
-            if n.release is not None:
+            if n.release is None:
                 self.raiseSyntaxError(
-                    "no release annotations allowed in DTSA files",
+                    "release annotations required in DTSA files",
                     lineno=bug.source_line)
-            n.release = testing
         return bug
 
 def test():

More information about the Secure-testing-commits mailing list