[Git][security-tracker-team/security-tracker][master] 2 commits: Identify CVEs covered by a DLA and not a DSA
Roberto C. Sánchez (@roberto)
roberto at debian.org
Fri Jul 11 15:08:49 BST 2025
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker
Commits:
55d01a6e by Francois Lesueur at 2025-07-11T14:08:45+00:00
Identify CVEs covered by a DLA and not a DSA
Fixes https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/69
- - - - -
d74b1cc5 by Roberto C. Sánchez at 2025-07-11T14:08:45+00:00
Merge branch 'master' into 'master'
Identify CVEs covered by a DLA and not a DSA
See merge request security-tracker-team/security-tracker!220
- - - - -
2 changed files:
- bin/lts-cve-triage.py
- bin/tracker_data.py
Changes:
=====================================
bin/lts-cve-triage.py
=====================================
@@ -24,6 +24,7 @@ import re
from tracker_data import TrackerData
from unsupported_packages import UnsupportedPackages, LimitedSupportPackages
+from debian_support import PointUpdateParser
import config
@@ -80,6 +81,8 @@ LIST_NAMES = (
.format(**RELEASES)),
('undetermined',
('Undetermined issues in {lts}').format(**RELEASES)),
+ ('to_forward',
+ ('Issues fixed in {lts} but not in {next_lts}').format(**RELEASES)),
)
lists = collections.defaultdict(lambda: collections.defaultdict(lambda: []))
@@ -103,6 +106,7 @@ limited = LimitedSupportPackages(codename=RELEASES['lts'],
unsupported_re = re.compile('|'.join(unsupported))
limited_re = re.compile('|'.join(limited))
+pu_expected = PointUpdateParser.parseNextPointUpdateStable()
def add_to_list(key, pkg, issue):
assert key in [l[0] for l in LIST_NAMES]
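Review bot: `pu_expected` is read from the stable point-update list, but the new triage check uses it to suppress issues for `RELEASES['next_lts']`, and nothing here ties the two together. If `next_lts` ever stops being the suite that `parseNextPointUpdateStable()` covers (for example after a new stable release), CVEs would be filtered against the wrong list, or not filtered at all, with no error. I would record the assumption where the value is loaded, e.g. `# CVEs queued for the next stable point update; assumes RELEASES['next_lts'] is the current stable suite`.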
@@ -114,6 +118,13 @@ for pkg in tracker.iterate_packages():
status_in_lts = issue.get_status(RELEASES['lts'])
status_in_next_lts = issue.get_status(RELEASES['next_lts'])
+ if ((status_in_lts.status == 'resolved' and status_in_lts.reason != 'fixed in 0' and status_in_lts.urgency != 'unimportant')
+ and (status_in_next_lts.status not in ('resolved', 'not-affected')
+ and (status_in_next_lts.status != 'ignored' or issue.data['releases'].get(RELEASES['next_lts'], {}).get('nodsa_reason', 'ignored') != 'ignored')
+ )
+ and issue.name not in pu_expected):
+ add_to_list('to_forward', pkg, issue)
+
if status_in_lts.status in ('not-affected', 'resolved'):
continue
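Review bot: The new `to_forward` condition packs three separate silent exclusions into one uncommented expression: the LTS-side filter, the `ignored` handling with its `'ignored'` default for a missing `nodsa_reason`, and the point-update check. When a CVE fixed by a DLA is missing from the list, a reader cannot tell which clause dropped it. Naming the intermediate predicates, as below, keeps the logic identical and gives each rule a place for a comment. Separately, `issue.name not in pu_expected` matches on the CVE name alone, so if the parser's result is keyed per CVE across packages (not visible here), a pending point update for one package would also hide the same CVE for another; that is worth confirming. The loop body starts and continues outside this hunk.

```python
    # … unchanged: status_in_lts / status_in_next_lts lookups …
    next_lts_data = issue.data['releases'].get(RELEASES['next_lts'], {})
    fixed_in_lts = (status_in_lts.status == 'resolved'
                    and status_in_lts.reason != 'fixed in 0'
                    and status_in_lts.urgency != 'unimportant')
    # An 'ignored' entry with no nodsa_reason, or nodsa_reason 'ignored', is not forwarded.
    ignored_in_next_lts = (status_in_next_lts.status == 'ignored'
                           and next_lts_data.get('nodsa_reason', 'ignored') == 'ignored')
    open_in_next_lts = (status_in_next_lts.status not in ('resolved', 'not-affected')
                        and not ignored_in_next_lts)
    if fixed_in_lts and open_in_next_lts and issue.name not in pu_expected:
        add_to_list('to_forward', pkg, issue)
```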
=====================================
bin/tracker_data.py
=====================================
@@ -144,12 +144,13 @@ class TrackerData(object):
class IssueStatus(object):
- def __init__(self, status, reason=None):
+ def __init__(self, status, reason=None, urgency=None):
self.status = status
self.reason = reason
+ self.urgency = urgency
def __str__(self):
- return str((self.status, self.reason))
+ return str((self.status, self.reason, self.urgency))
class Issue(object):
'''Status of a security issue'''
@@ -160,6 +161,8 @@ class Issue(object):
def get_status(self, release):
data = self.data['releases'].get(release)
+ urgency = data['urgency'] if data else 'unimportant'
+
if data is None:
status = 'not-affected'
# XXX: ask for data to differentiate between "package not in
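Review bot: The added `urgency` line indexes `data['urgency']` directly and tests `if data`, while the very next statement tests `data is None`. A release entry without an `urgency` key would therefore raise `KeyError` for every caller of `get_status`; whether the tracker data always carries that key is not visible from this hunk. An empty entry would also be treated as "unimportant" here but not as "not-affected" below. I would make both tolerant and consistent with `urgency = data.get('urgency') if data is not None else 'unimportant'`; a missing urgency then leaves the issue on the triage lists rather than aborting the run. `get_status` continues beyond the hunk.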
@@ -187,4 +190,4 @@ class Issue(object):
else:
status = 'open'
reason = 'nobody fixed it yet'
- return IssueStatus(status, reason)
+ return IssueStatus(status, reason, urgency)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3a9a5b668ae328355f065035cf0075d38d003bcd...d74b1cc52b0563c9dced6ba9eb19a8576557c6c3