[Git][security-tracker-team/security-tracker][master] 2 commits: external-check: Handle vendor prefixed entries

Tue, 17 Nov 2020 23:55:04 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d8b81d28 by Salvatore Bonaccorso at 2020-11-18T08:42:48+01:00
external-check: Handle vendor prefixed entries

When the source-$VENDOR.html lists contain a vendor prefixed CVE entry
the external check update command will bail out:

    [...]
    <td>DEBIAN:CVE-2019-1010022</td>
    <td>DEBIAN:CVE-2019-1010023</td>
    <td>DEBIAN:CVE-2019-1010024</td>
    <td>DEBIAN:CVE-2019-1010025</td>
    DEBIAN.list contains garbage (see above), aborting

Allow the expression to contain a VENDOR: prefix and strip it out as
well.

Link: https://lists.debian.org/debian-security-tracker/2020/11/msg00014.html
Signed-off-by: Salvatore Bonaccorso <[email protected]>

- - - - -
27d2545a by Salvatore Bonaccorso at 2020-11-18T07:54:53+00:00
Merge branch 'external-check-vendor-prefix' into 'master'

external-check: Handle vendor prefixed entries

See merge request security-tracker-team/security-tracker!73
- - - - -


1 changed file:

- check-external/update.sh


Changes:

=====================================
check-external/update.sh
=====================================
@@ -58,7 +58,7 @@ check_list cve.list
 # or as specified at the individual html files or elsewhere on cve.mitre.org's 
website
 for vendor in SUSE DEBIAN GENTOO FEDORA REDHAT UBUNTU; do
     wget -N http://cve.mitre.org/data/refs/refmap/source-$vendor.html
-    sed -rn 
'/CVE-[12][0-9]{3}-/{s/^.+>(CVE-[12][0-9]{3}-[0-9]{4,})<.+$/\1/;p}' 
source-$vendor.html |
+    sed -rn 
"/CVE-[12][0-9]{3}-/{s/^.+>($vendor:)?(CVE-[12][0-9]{3}-[0-9]{4,})<.+$/\2/;p}" 
source-$vendor.html |
        sort -u > $vendor.list
     check_list $vendor.list
 done



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f9dec6868eb4f57b8680eee104023d18c0e2d19f...27d2545af68101c3c75b8835e61abb1bd754c246

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f9dec6868eb4f57b8680eee104023d18c0e2d19f...27d2545af68101c3c75b8835e61abb1bd754c246
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to