Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7838c85c by Emilio Pozuelo Monfort at 2023-03-20T17:00:21+01:00
merge-cve-files: fix crash when there's an experimental tag

If CVE/list has a CVE such as:

CVE-2023-1234
    [experimental] - foo 1.0-1
    - foo 1.0-2

And we attempt to fix an annotation such as

CVE-2023-1234
    [bullseye] - foo 0.1-1+deb11u1

that will crash when we are iterating over the experimental annotation
as next_annotation would be the sid one with release==None, and we would
be comparing internRelease(bullseye) with internRelease(None), which
is not supported.

This is happening with the current data/next-point-update.txt
- - - - -
1 changed file:
- bin/merge-cve-files
Changes:
=====================================
bin/merge-cve-files
=====================================
@@ -87,6 +87,13 @@ def merge_annotations(annotations, new_annotation):
annotations[idx] = new_annotation
break
+ # if we found an experimental annotation, it will be followed by a
'sid'
+ # one, so next_annotation.release will be None in the next case. That
+ # comparison will break, so we avoid it by continuing. If
new_annotation
+ # was for experimental, we would have already replaced it in the above
check.
+ if annotation.release == 'experimental':
+ continue
+
# if the next annotation's release is the same, we continue to replace
# it in the next iteration. otherwise if we found the right place, we
# insert the new annotation
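Review bot: the added guard "if annotation.release == 'experimental': continue" tests the current annotation's release, while the comment above it says the comparison that breaks is the one where next_annotation.release is None. As written, the fix depends on an experimental entry always being followed by the sid one; checking next_annotation.release for None at the point of the comparison would state the real precondition and would not rely on that ordering. The CVE-2023-1234 example from the commit message would also make a good regression test for merge_annotations, since the crash surfaced with the current data/next-point-update.txt.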
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7838c85c6f748fd9bc92a01dcd1d81ab36c2f991