[Git][security-tracker-team/security-tracker][master] 3 commits: Modify SQL that generate JSON data inconsistent

Emilio Pozuelo Monfort (@pochu) pochu at debian.org
Wed Oct 1 10:22:03 BST 2025 


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5df3b399 by Emmanuel Arias at 2025-07-11T08:42:17+02:00
Modify SQL that generate JSON data inconsistent

This commit update the debian_cve temporary view to get the package
id. With this, the SQL that calculate the /data/json can differentiate
package for each cve and bug bumber.

- - - - -
222ac5d2 by Emmanuel Arias at 2025-07-11T16:07:41+02:00
Apply Beuc suggestions

- - - - -
73d9eb1a by Emilio Pozuelo Monfort at 2025-10-01T09:22:00+00:00
Merge branch 'fix-6' into 'master'

JSON export: fix incorrect BTS references

Closes #6

See merge request security-tracker-team/security-tracker!227
- - - - -


1 changed file:

- lib/python/security_db.py


Changes:

=====================================
lib/python/security_db.py
=====================================
@@ -580,10 +580,9 @@ class DB:
 
         cursor.execute(
             """CREATE TEMPORARY VIEW debian_cve AS
-            SELECT debian_bugs.bug, st.bug_name
-            FROM package_notes, debian_bugs, source_package_status AS st
-            WHERE package_notes.bug_name = st.bug_name
-            AND debian_bugs.note = package_notes.id""")
+            SELECT debian_bugs.bug, bug_name, package
+            FROM package_notes JOIN debian_bugs
+            ON debian_bugs.note = package_notes.id""")
 
     def _initFunctions(self):
         """Registers user-defined SQLite functions."""
@@ -1895,8 +1894,9 @@ class DB:
                 """SELECT sp.name, st.bug_name,
                 (SELECT cve_desc FROM nvd_data
                 WHERE cve_name = st.bug_name),
-                (SELECT MIN(debian_cve.bug) FROM debian_cve
-                WHERE debian_cve.bug_name = st.bug_name),
+                (SELECT debian_cve.bug FROM debian_cve
+                WHERE debian_cve.bug_name = st.bug_name
+                AND debian_cve.package = sp.name),
                 sp.release, sp.subrelease,
                 sp.version,
                 (SELECT pn.fixed_version FROM package_notes AS pn



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b3dd7c155541e2c307c7d98c69d202c64ce0c227...73d9eb1a7b2fdf9fee3754193ccf7d0f9134e134

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b3dd7c155541e2c307c7d98c69d202c64ce0c227...73d9eb1a7b2fdf9fee3754193ccf7d0f9134e134
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251001/4282049d/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list