[Git][security-tracker-team/security-tracker][master] check-advisory-cve-ids: merge CVEFile entries with CVEExtendFile's rather than overwriting them

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Tue Nov 18 15:38:32 GMT 2025 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4b830cd1 by Sylvain Beucler at 2025-11-18T16:38:16+01:00
check-advisory-cve-ids: merge CVEFile entries with CVEExtendFile's rather than overwriting them

See #43

- - - - -


1 changed file:

- bin/check-advisory-cve-ids


Changes:

=====================================
bin/check-advisory-cve-ids
=====================================
@@ -17,6 +17,7 @@
 
 import argparse
 import os
+from collections import defaultdict
 
 import setup_paths
 import debian_support
@@ -51,7 +52,7 @@ print("Checking CVE IDs...")
 # If a package is <not-affected> globally or for any DISTS, drop it (i.e. warn)
 cve_files = [ s['path'] for s in debian_support.getconfig()['sources']
               if s['class'] in ['CVEFile','CVEExtendFile'] ]
-valid_packages={}
+valid_packages=defaultdict(set)
 for path in cve_files:
     cve_entries = parsers.cvelist(os.path.dirname(__file__)
                                   + '/../data' + path)  # path=='/data/xxx/list'
@@ -67,7 +68,8 @@ for path in cve_files:
             if (ann.type == 'package' and ann.release in dists + [None]
                     and ann.kind == 'not-affected'):
                 not_affected.add(ann.package)
-        valid_packages[cve_id] = linked_packages - not_affected
+        valid_packages[cve_id] |= linked_packages
+        valid_packages[cve_id] -= not_affected
 
 # Warn about mismatches
 valid = True



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b830cd13d721670b6a7fce72c1d038ba5be99c5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b830cd13d721670b6a7fce72c1d038ba5be99c5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251118/dac15c4b/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list