[Git][security-tracker-team/security-tracker][master] 2 commits: bin/gen-DSA: Fix package removal from the needed_file. Don't remove packages…

Fri Aug 31 22:09:05 BST 2018

Mike Gabriel pushed to branch master at Debian Security Tracker / security-tracker


Commits:
774eb447 by Mike Gabriel at 2018-08-31T21:07:32Z
bin/gen-DSA: Fix package removal from the needed_file. Don't remove packages starting with the same string as the to be removed package.

 Before this patch (spice was to be removed, spice-gtk got removed, too).

 ```
 diff --git a/data/dla-needed.txt b/data/dla-needed.txt
 index 106dbb0477..a8e6526c01 100644
 --- a/data/dla-needed.txt
 +++ b/data/dla-needed.txt
 @@ -99,12 +99,6 @@ qemu (Santiago)
  --
  samba (Holger Levsen)
  --
 -spice (Mike Gabriel)
 -  NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May)
 ---
 -spice-gtk (Mike Gabriel)
 -  NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May)
 ---
  suricata (Thorsten Alteholz)
  --
  symfony (Thorsten Alteholz)
 ```

 With this patch (only spice gets removed, spice-gtk stays):

 ```

- - - - -
ec38e10e by Mike Gabriel at 2018-08-31T21:08:57Z
Reserve DLA-1486-1 for spice

- - - - -


3 changed files:

- bin/gen-DSA
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
bin/gen-DSA
=====================================
@@ -386,7 +386,7 @@ EOF
     cat $daid_entry data/$IDMODE/list > $tmp_list
     cat $tmp_list > data/$IDMODE/list
     rm -f $tmp_list
-    sed -rn '/^'"$PACKAGE"'\b/{: next;n;/^\s/b next;d};p' $needed_file > $needed_file.new
+    sed -rn '/^'"$PACKAGE"'(\s.*|$)\b/{: next;n;/^\s/b next;d};p' $needed_file > $needed_file.new
     mv $needed_file.new $needed_file
     echo "$IDMODE text written to ./$IDMODE-$DAID"
     if [ "$IDMODE" = "DLA" ] || [ "$IDMODE" = "ELA" ]; then


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[31 Aug 2018] DLA-1486-1 spice - security update
+	{CVE-2018-10873}
+	[jessie] - spice 0.12.5-1+deb8u6
 [30 Aug 2018] DLA-1485-1 bind9 - security update
 	{CVE-2018-5740}
 	[jessie] - bind9 1:9.9.5.dfsg-9+deb8u16


=====================================
data/dla-needed.txt
=====================================
@@ -99,9 +99,6 @@ qemu (Santiago)
 --
 samba (Holger Levsen)
 --
-spice (Mike Gabriel)
-  NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May)
---
 spice-gtk (Mike Gabriel)
   NOTE: 20180819: Patch is possibly incomplete. See http://www.openwall.com/lists/oss-security/2018/08/17/2 (Brian May)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/1b240be9e116fe469881c3def8a8b5a18c54000a...ec38e10ec1289c204c18999585bcbf7967ad7413

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/1b240be9e116fe469881c3def8a8b5a18c54000a...ec38e10ec1289c204c18999585bcbf7967ad7413
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180831/a8de475a/attachment-0001.html>
