[Git][security-tracker-team/security-tracker][master] LTS: triage asterisk

Anton Gladky (@gladk) gladk at debian.org
Thu Apr 21 07:24:13 BST 2022



Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3fceb4e2 by Anton Gladky at 2022-04-21T08:23:59+02:00
LTS: triage asterisk

- - - - -


2 changed files:

- bin/lts-cve-triage.py
- data/dla-needed.txt


Changes:

=====================================
bin/lts-cve-triage.py
=====================================
@@ -64,6 +64,9 @@ LIST_NAMES = (
     ('triage_possible_easy_fixes',
      ('Issues not yet triaged for {lts}, but already fixed in {next_lts}')
      .format(**RELEASES)),
+    ('triage_possible_missed_fixes',
+     ('Issues postponed for {lts}, but fixed in {next_lts} via DSA or point releases')
+     .format(**RELEASES)),
     ('triage_other_not_triaged_in_next_lts',
      ('Other issues to triage for {lts} (not yet triaged for {next_lts})')
      .format(**RELEASES)),
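Review bot: the heading on the new 'triage_possible_missed_fixes' entry says "Issues postponed for {lts}", but the selection added further down in this patch takes every issue whose reason is 'no-dsa' and whose nodsa_reason is anything other than 'ignored', which is wider than postponed. Either test nodsa_reason == 'postponed' there, or reword this heading (for example "Issues marked no-dsa for {lts}, but fixed in {next_lts} via DSA or point releases") so the report title matches what it lists.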
@@ -153,11 +156,20 @@ for pkg in tracker.iterate_packages():
 
                 if status_in_next_lts.status == 'resolved':
                     add_to_list('possible_easy_fixes', pkg, issue)
-
+        # <no-dsa>/<postponed>/<ignored>/<unimportant>/<undetermined>
         elif status_in_lts.status == 'ignored':
             if (status_in_lts.reason == 'no-dsa' and
                     status_in_next_lts.status == 'open'):
                 add_to_list('unexpected_nodsa', pkg, issue)
+            elif (status_in_lts.reason == 'no-dsa' and
+                    status_in_next_lts.status == 'resolved'):
+                # include fixes from DSA or stable/oldstable point releases
+                # exclude issues explicitly ignored, and old fixes back in unstable
+                nodsa_reason = issue.data['releases'][RELEASES['lts']]['nodsa_reason']
+                fixed_version = issue.data['releases'][RELEASES['next_lts']]['fixed_version']
+                if (nodsa_reason != 'ignored' and
+                    ('~deb' in fixed_version or '+deb' in fixed_version)):
+                    add_to_list('triage_possible_missed_fixes', pkg, issue)
             elif status_in_lts.reason == 'undetermined':
                 add_to_list('undetermined', pkg, issue)
 
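Review bot: the new call add_to_list('triage_possible_missed_fixes', pkg, issue) passes the key with its triage_ prefix, while the call a few lines above passes 'possible_easy_fixes' for the list declared as 'triage_possible_easy_fixes'. The body of add_to_list is not part of this diff; if it adds the prefix itself, the new key will not match the LIST_NAMES entry, so pass 'possible_missed_fixes' or confirm that the helper accepts the full name. The two direct subscripts into issue.data['releases'] also assume that both releases and both fields are present, and that fixed_version is a string; a guard before the '~deb' / '+deb' test would keep one incomplete record from aborting the whole triage run.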


=====================================
data/dla-needed.txt
=====================================
@@ -22,6 +22,8 @@ ansible
   NOTE: 20210411: after that LTS. (apo)
   NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/
 --
+asterisk
+--
 ckeditor
   NOTE: 20220402: multiple pendings vulnerabilities (Beuc)
 --
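Review bot: the new asterisk entry has no NOTE line, unlike the ansible and ckeditor entries on either side of it, so the file does not record when the package was added or which issues prompted it. A dated NOTE in the same form as the neighbouring ones would cover that. This entry is also the only change the commit message "LTS: triage asterisk" describes; the new report list in bin/lts-cve-triage.py would be easier to find in the history as a separate commit with its own message.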



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fceb4e21a287674f166442ed8f5e563010710ff
