[Git][security-tracker-team/security-tracker][master] merge-cve-files: fix crash when there's an experimental tag
Emilio Pozuelo Monfort (@pochu)
pochu at debian.org
Mon Mar 20 16:01:03 GMT 2023
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7838c85c by Emilio Pozuelo Monfort at 2023-03-20T17:00:21+01:00
merge-cve-files: fix crash when there's an experimental tag
If CVE/list has a CVE such as:
CVE-2023-1234
	[experimental] - foo 1.0-1
	- foo 1.0-2
And we attempt to fix an annotation such as
CVE-2023-1234
	[bullseye] - foo 0.1-1+deb11u1
that will crash when we are iterating over the experimental annotation
as next_annotation would be the sid one with release==None, and we would
be comparing internRelease(bullseye) with internRelease(None), which
is not supported.
This is happening with the current data/next-point-update.txt
- - - - -
1 changed file:
- bin/merge-cve-files
Changes:
=====================================
bin/merge-cve-files
=====================================
@@ -87,6 +87,13 @@ def merge_annotations(annotations, new_annotation):
annotations[idx] = new_annotation
break
+ # if we found an experimental annotation, it will be followed by a 'sid'
+ # one, so next_annotation.release will be None in the next case. That
+ # comparison will break, so we avoid it by continuing. If new_annotation
+ # was for experimental, we would have already replaced it in the above check.
+ if annotation.release == 'experimental':
+ continue
+
# if the next annotation's release is the same, we continue to replace
# it in the next iteration. otherwise if we found the right place, we
# insert the new annotation
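Review bot: the new guard at `if annotation.release == 'experimental':` keys on the current annotation's release, while the failure described in the commit message comes from `next_annotation.release` being None when it reaches the release comparison. The guard therefore relies on the assumption, stated in the added comment, that only an experimental annotation is ever followed by the unreleased (sid) one. Testing the next annotation directly, for example skipping the comparison when `next_annotation.release is None`, would cover the same case without depending on that ordering. Since the commit message says the crash reproduces with the current data/next-point-update.txt, a small regression test using the CVE-2023-1234 example from the message (an experimental annotation, a sid annotation, and a bullseye fix being merged) would keep this from regressing.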
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7838c85c6f748fd9bc92a01dcd1d81ab36c2f991