[Git][security-tracker-team/security-tracker][master] 2 commits: external-check: Handle vendor prefixed entries
Salvatore Bonaccorso
carnil at debian.org
Wed Nov 18 07:54:57 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d8b81d28 by Salvatore Bonaccorso at 2020-11-18T08:42:48+01:00
external-check: Handle vendor prefixed entries
When the source-$VENDOR.html lists contain a vendor prefixed CVE entry
the external check update command will bail out:
[...]
<td>DEBIAN:CVE-2019-1010022</td>
<td>DEBIAN:CVE-2019-1010023</td>
<td>DEBIAN:CVE-2019-1010024</td>
<td>DEBIAN:CVE-2019-1010025</td>
DEBIAN.list contains garbage (see above), aborting
Allow the expression to contain a VENDOR: prefix and strip it out as
well.
Link: https://lists.debian.org/debian-security-tracker/2020/11/msg00014.html
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>
- - - - -
27d2545a by Salvatore Bonaccorso at 2020-11-18T07:54:53+00:00
Merge branch 'external-check-vendor-prefix' into 'master'
external-check: Handle vendor prefixed entries
See merge request security-tracker-team/security-tracker!73
- - - - -
1 changed file:
- check-external/update.sh
Changes:
=====================================
check-external/update.sh
=====================================
@@ -58,7 +58,7 @@ check_list cve.list
# or as specified at the individual html files or elsewhere on cve.mitre.org's website
for vendor in SUSE DEBIAN GENTOO FEDORA REDHAT UBUNTU; do
wget -N http://cve.mitre.org/data/refs/refmap/source-$vendor.html
- sed -rn '/CVE-[12][0-9]{3}-/{s/^.+>(CVE-[12][0-9]{3}-[0-9]{4,})<.+$/\1/;p}' source-$vendor.html |
+ sed -rn "/CVE-[12][0-9]{3}-/{s/^.+>($vendor:)?(CVE-[12][0-9]{3}-[0-9]{4,})<.+$/\2/;p}" source-$vendor.html |
sort -u > $vendor.list
check_list $vendor.list
done
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f9dec6868eb4f57b8680eee104023d18c0e2d19f...27d2545af68101c3c75b8835e61abb1bd754c246
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f9dec6868eb4f57b8680eee104023d18c0e2d19f...27d2545af68101c3c75b8835e61abb1bd754c246
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201118/dfb1344a/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list