[Git][security-tracker-team/security-tracker][master] 2 commits: external-check: Handle vendor entries with additional vendor security prefix

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 10 10:58:54 BST 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b8e7bfe8 by Salvatore Bonaccorso at 2023-04-10T11:30:38+02:00
external-check: Handle vendor entries with additional vendor security prefix

Additionally to the vendored entries addressed in d8b81d2818b3
("external-check: Handle vendor prefixed entries") some entries might be
of the form "UBUNTU:Ubuntu security $CVE", and the external check update
will bail out as:

	[...]
	<td>UBUNTU:Ubuntu Security CVE-2020-11935</td>
	UBUNTU.list contains garbage (see above), aborting

Allow the expression to contain additionall an additional text beweend
the vendor prefix and the CVE. Maybe we should simply match anything
beween a opening HTML tag, the CVE and a closing tag, filtering out the
CVE as better solution.

The idea behind this change is to really poinpoint any vendor entry in
the respective source-$vendor.html list.

Link: https://lists.debian.org/debian-security-tracker/2023/04/msg00003.html
Signed-off-by: Salvatore Bonaccorso <carnil at debian.org>

- - - - -
187cf038 by Salvatore Bonaccorso at 2023-04-10T09:58:49+00:00
Merge branch 'check-external-vendor-update' into 'master'

external-check: Handle vendor entries with additional vendor security prefix

See merge request security-tracker-team/security-tracker!130
- - - - -


1 changed file:

- check-external/update.sh


Changes:

=====================================
check-external/update.sh
=====================================
@@ -58,7 +58,7 @@ check_list cve.list
 # or as specified at the individual html files or elsewhere on cve.mitre.org's website
 for vendor in SUSE DEBIAN GENTOO FEDORA REDHAT UBUNTU; do
     wget -N http://cve.mitre.org/data/refs/refmap/source-$vendor.html
-    sed -rn "/CVE-[12][0-9]{3}-/{s/^.+>($vendor:)?(CVE-[12][0-9]{3}-[0-9]{4,})<.+$/\2/;p}" source-$vendor.html |
+    sed -rn "/CVE-[12][0-9]{3}-/{s/^.+>($vendor:)?($vendor Security )?(CVE-[12][0-9]{3}-[0-9]{4,})<.+$/\3/i;p}" source-$vendor.html |
 	sort -u > $vendor.list
     check_list $vendor.list
 done



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/05c65f6b54d0c84a946ed9a153174b1b03c209cd...187cf038d4e6ea18c8b6f2561fa7efa898168335

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/05c65f6b54d0c84a946ed9a153174b1b03c209cd...187cf038d4e6ea18c8b6f2561fa7efa898168335
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230410/99fae978/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list