[Secure-testing-commits] r32714 - bin
Holger Levsen
holger at moszumanska.debian.org
Mon Mar 9 17:05:58 UTC 2015
Author: holger
Date: 2015-03-09 17:05:58 +0000 (Mon, 09 Mar 2015)
New Revision: 32714
Modified:
bin/tracker_service.py
Log:
json output: correctly included fixed version(s), which can be different by suite and from the current version(s). helpfully the package_notes table only includes release names if this bug already has been fixed for oher releases...
Modified: bin/tracker_service.py
===================================================================
--- bin/tracker_service.py 2015-03-09 17:05:56 UTC (rev 32713)
+++ bin/tracker_service.py 2015-03-09 17:05:58 UTC (rev 32714)
@@ -1240,18 +1240,25 @@
subreleases = {}
repositories = {}
version = {}
+ fixed_version = {}
status = {}
urgency = {}
nodsa = {}
supported_releases = ('sid', 'jessie', 'wheezy', 'squeeze')
- for (pkg, issue, desc, debianbug, release, subrelease, db_version, db_status, db_urgency, db_remote, db_nodsa) in self.db.cursor().execute(
+ for (pkg, issue, desc, debianbug, release, subrelease, db_version, db_fixed_version, db_status, db_urgency, db_remote, db_nodsa) in self.db.cursor().execute(
"""SELECT sp.name, st.bug_name,
(SELECT cve_desc FROM nvd_data
WHERE cve_name = st.bug_name),
(SELECT debian_cve.bug FROM debian_cve
WHERE debian_cve.bug_name = st.bug_name
ORDER BY debian_cve.bug),
- sp.release, sp.subrelease, sp.version, st.vulnerable, st.urgency,
+ sp.release, sp.subrelease,
+ sp.version,
+ (SELECT pn.fixed_version FROM package_notes AS pn
+ WHERE pn.bug_name = st.bug_name
+ AND pn.package = sp.name AND
+ (pn.release = sp.release OR (pn.release = '' AND fixed_version != ''))),
+ st.vulnerable, st.urgency,
(SELECT range_remote FROM nvd_data
WHERE cve_name = st.bug_name),
(SELECT comment FROM package_notes_nodsa AS nd
@@ -1263,6 +1270,9 @@
OR sp.release = ? )
ORDER BY sp.name, st.bug_name, sp.release, sp.subrelease""" , supported_releases):
+ ### to ease debugging...:
+ #if issue in ('CVE-2012-6656','CVE-2014-8738','CVE-2013-6673') :
+ # print pkg, issue, release, subrelease, db_version, db_fixed_version, db_status
if pkg not in packages:
packages.append(pkg)
issues[pkg] = []
@@ -1272,6 +1282,7 @@
subreleases[pkg] = {}
repositories[pkg] = {}
version[pkg] = {}
+ fixed_version[pkg] = {}
status[pkg] = {}
urgency[pkg] = {}
nodsa[pkg] = {}
@@ -1284,6 +1295,7 @@
subreleases[pkg][issue] = []
repositories[pkg][issue] = []
version[pkg][issue] = {}
+ fixed_version[pkg][issue] = {}
status[pkg][issue] = {}
urgency[pkg][issue] = {}
nodsa[pkg][issue] = {}
@@ -1297,6 +1309,7 @@
if repository not in repositories[pkg][issue]:
repositories[pkg][issue].append(repository)
version[pkg][issue][repository] = db_version
+ fixed_version[pkg][issue][repository] = db_fixed_version
status[pkg][issue][repository] = db_status
urgency[pkg][issue][repository] = db_urgency
if str(db_nodsa) != 'None':
@@ -1345,12 +1358,13 @@
data.append(' "'+release+'": [\n')
data.append(' {\n')
data.append(' "repository": "'+repository+'",\n')
- data.append(' "version": "'+version[pkg][issue][repository]+'",\n')
if status[pkg][issue][repository] == 0:
# 1 = vulnerable, 2 = undetermined
data.append(' "status": "resolved",\n')
+ data.append(' "version": "'+fixed_version[pkg][issue][repository]+'",\n')
else:
data.append(' "status": "open",\n')
+ data.append(' "version": "'+version[pkg][issue][repository]+'",\n')
# urgency really differs by suite for some CVEs
# also, the urgency field holds the 'end-of-life' information
data.append(' "urgency": "'+urgency[pkg][issue][repository]+'",\n')
More information about the Secure-testing-commits
mailing list