[Git][security-tracker-team/security-tracker][master] LTS: triage asterisk
Anton Gladky (@gladk)
gladk at debian.org
Thu Apr 21 07:24:13 BST 2022
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3fceb4e2 by Anton Gladky at 2022-04-21T08:23:59+02:00
LTS: triage asterisk
- - - - -
2 changed files:
- bin/lts-cve-triage.py
- data/dla-needed.txt
Changes:
=====================================
bin/lts-cve-triage.py
=====================================
@@ -64,6 +64,9 @@ LIST_NAMES = (
('triage_possible_easy_fixes',
('Issues not yet triaged for {lts}, but already fixed in {next_lts}')
.format(**RELEASES)),
+ ('triage_possible_missed_fixes',
+ ('Issues postponed for {lts}, but fixed in {next_lts} via DSA or point releases')
+ .format(**RELEASES)),
('triage_other_not_triaged_in_next_lts',
('Other issues to triage for {lts} (not yet triaged for {next_lts})')
.format(**RELEASES)),
@@ -153,11 +156,20 @@ for pkg in tracker.iterate_packages():
if status_in_next_lts.status == 'resolved':
add_to_list('possible_easy_fixes', pkg, issue)
-
+ # <no-dsa>/<postponed>/<ignored>/<unimportant>/<undetermined>
elif status_in_lts.status == 'ignored':
if (status_in_lts.reason == 'no-dsa' and
status_in_next_lts.status == 'open'):
add_to_list('unexpected_nodsa', pkg, issue)
+ elif (status_in_lts.reason == 'no-dsa' and
+ status_in_next_lts.status == 'resolved'):
+ # include fixes from DSA or stable/oldstable point releases
+ # exclude issues explicitly ignored, and old fixes back in unstable
+ nodsa_reason = issue.data['releases'][RELEASES['lts']]['nodsa_reason']
+ fixed_version = issue.data['releases'][RELEASES['next_lts']]['fixed_version']
+ if (nodsa_reason != 'ignored' and
+ ('~deb' in fixed_version or '+deb' in fixed_version)):
+ add_to_list('triage_possible_missed_fixes', pkg, issue)
elif status_in_lts.reason == 'undetermined':
add_to_list('undetermined', pkg, issue)
=====================================
data/dla-needed.txt
=====================================
@@ -22,6 +22,8 @@ ansible
NOTE: 20210411: after that LTS. (apo)
NOTE: 20210426: https://people.debian.org/~apo/lts/ansible/
--
+asterisk
+--
ckeditor
NOTE: 20220402: multiple pendings vulnerabilities (Beuc)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fceb4e21a287674f166442ed8f5e563010710ff
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fceb4e21a287674f166442ed8f5e563010710ff
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220421/8c3d1c63/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list