Ines Almeida has proposed merging ~ines-almeida/launchpad:svt-move-test-files into launchpad:master with ~ines-almeida/launchpad:svt-refactor-exports as a prerequisite.
Commit message:
Move UCT test files to make directory consistent

This makes it so that SOSS and UCT records have their own tests in separate directories

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~ines-almeida/launchpad/+git/launchpad/+merge/493467

This is just a file moving with no other change. All tests in bugs/scripts/tests passed
--
Your team Launchpad code reviewers is requested to review the proposed merge of ~ines-almeida/launchpad:svt-move-test-files into launchpad:master.

diff --git a/lib/lp/bugs/scripts/uct/tests/sampledata/CVE-2007-0255 b/lib/lp/bugs/scripts/uct/tests/sampledata/CVE-2007-0255 new file mode 100644 index 0000000..db2403d --- /dev/null +++ b/lib/lp/bugs/scripts/uct/tests/sampledata/CVE-2007-0255 
@@ -0,0 +1,61 @@ +PublicDate: 2007-01-16 23:28:00 UTC +Candidate: CVE-2007-0255 +References: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0255 + http://xine.sourceforge.net/security +Description: + XINE 0.99.4 allows user-assisted remote attackers to cause a denial of + service (application crash) and possibly execute arbitrary code via a + certain M3U file that contains a long #EXTINF line and contains format + string specifiers in an invalid udp:// URI, possibly a variant of + CVE-2007-0017. +Ubuntu-Description: +Notes: + sbeattie> issue is unlisted on xine upstream website +Priority: medium +Bugs: +Discovered-by: +Assigned-to: +CVSS: + +Patches_xine-ui: +upstream_xine-ui: needs-triage +dapper_xine-ui: ignored (reached end-of-life) +edgy_xine-ui: needed (reached end-of-life) +feisty_xine-ui: needed (reached end-of-life) +gutsy_xine-ui: needed (reached end-of-life) +hardy_xine-ui: ignored (reached end-of-life) +intrepid_xine-ui: needed (reached end-of-life) +jaunty_xine-ui: ignored (reached end-of-life) +karmic_xine-ui: ignored (reached end-of-life) +lucid_xine-ui: ignored (reached end-of-life) +maverick_xine-ui: ignored (reached end-of-life) +natty_xine-ui: ignored (reached end-of-life) +oneiric_xine-ui: ignored (reached end-of-life) +precise_xine-ui: ignored (reached end-of-life) +precise/esm_xine-ui: DNE (precise was needed) +quantal_xine-ui: ignored (reached end-of-life) +raring_xine-ui: ignored (reached end-of-life) +saucy_xine-ui: ignored (reached end-of-life) +trusty_xine-ui: ignored (reached end-of-life) +trusty/esm_xine-ui: DNE (trusty was needed) +utopic_xine-ui: ignored (reached end-of-life) +vivid_xine-ui: ignored (reached end-of-life) +vivid/stable-phone-overlay_xine-ui: DNE +vivid/ubuntu-core_xine-ui: DNE +wily_xine-ui: ignored (reached end-of-life) +xenial_xine-ui: ignored (end of standard support, was needed) +yakkety_xine-ui: ignored (reached end-of-life) +zesty_xine-ui: ignored (reached end-of-life) +artful_xine-ui: ignored (reached 
end-of-life) +bionic_xine-ui: needed +cosmic_xine-ui: ignored (reached end-of-life) +disco_xine-ui: ignored (reached end-of-life) +eoan_xine-ui: ignored (reached end-of-life) +focal_xine-ui: needed +groovy_xine-ui: ignored (reached end-of-life) +hirsute_xine-ui: ignored (reached end-of-life) +impish_xine-ui: ignored (reached end-of-life) +jammy_xine-ui: needed +kinetic_xine-ui: needed +devel_xine-ui: needed \ No newline at end of file diff --git a/lib/lp/bugs/scripts/uct/tests/sampledata/CVE-2022-23222 b/lib/lp/bugs/scripts/uct/tests/sampledata/CVE-2022-23222 new file mode 100644 index 0000000..8c8a836 --- /dev/null +++ b/lib/lp/bugs/scripts/uct/tests/sampledata/CVE-2022-23222 
@@ -0,0 +1,47 @@ +PublicDateAtUSN: 2022-01-14 08:15:00 UTC +Candidate: CVE-2022-23222 +PublicDate: 2022-01-14 08:15:00 UTC +References: + https://ubuntu.com/security/notices/USN-5368-1 +Description: + kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local + users to gain privileges because of the availability of pointer arithmetic + via certain *_OR_NULL pointer types. +Ubuntu-Description: + It was discovered that the BPF verifier in the Linux kernel did not + properly restrict pointer types in certain situations. A local attacker + could use this to cause a denial of service (system crash) or possibly + execute arbitrary code. +Notes: + sbeattie> Ubuntu 21.10 / 5.13+ kernels disable unprivileged BPF by default. + kernels 5.8 and older are not affected, priority high is for + 5.10 and 5.11 based kernels only +Mitigation: + seth-arnold> set kernel.unprivileged_bpf_disabled to 1 +Bugs: + https://github.com/mm2/Little-CMS/issues/29 + https://github.com/mm2/Little-CMS/issues/30 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745471 +Priority: critical +Discovered-by: tr3e wang +Assigned-to: +Tags: cisa-kev +CVSS: + nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH] + +Patches_linux: + break-fix: 457f44363a8894135c85b7a9afd2bd8196db24ab c25b2ae136039ffa820c26138ed4a5e5f3ab3841|local-CVE-2022-23222-fix + upstream: https://github.com/389ds/389-ds-base/commit/58dbf084a63e6dbbd999bf6a70475fad8255f26a (1.4.4) + upstream: https://github.com/389ds/389-ds-base/commit/2e5b526012612d1d6ccace46398bee679a730271 +upstream_linux: released (5.17~rc1) +impish_linux: released (5.13.0-37.42) +devel_linux: not-affected (5.15.0-25.25) +Priority_linux_impish: medium +Priority_linux_devel: medium +Tags_linux: not-ue + +Patches_linux-hwe: +upstream_linux-hwe: released (5.17~rc1) +impish_linux-hwe: DNE +devel_linux-hwe: DNE +Priority_linux-hwe: high 
diff --git a/lib/lp/bugs/scripts/uct/tests/sampledata/CVE-2022-3219 b/lib/lp/bugs/scripts/uct/tests/sampledata/CVE-2022-3219 new file mode 100644 index 0000000..14aaa73 --- /dev/null +++ b/lib/lp/bugs/scripts/uct/tests/sampledata/CVE-2022-3219 @@ -0,0 +1,43 @@ +Candidate: CVE-2022-3219 +PublicDate: 2022-09-28 +References: + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219 + https://access.redhat.com/security/cve/CVE-2022-3219 + https://marc.info/?l=oss-security&m=165696590211434&w=4 +Description: + gnupg: denial of service issue (resource consumption) using compressed + packets +Ubuntu-Description: +Notes: + mdeslaur> per the upstream gnupg bug, the change will not be applied + mdeslaur> as of 2022-09-28, proposed patch has not been accepted by + mdeslaur> upstream developers +Mitigation: +Bugs: + https://dev.gnupg.org/T5993 +Priority: low +Discovered-by: +Assigned-to: +CVSS: + +Patches_gnupg: +upstream_gnupg: needs-triage +esm-infra/xenial_gnupg: deferred (2022-09-28) +trusty_gnupg: ignored (out of standard support) +xenial_gnupg: ignored (out of standard support) +bionic_gnupg: DNE +focal_gnupg: DNE +jammy_gnupg: DNE +trusty/esm_gnupg: deferred (2022-09-28) + +Patches_gnupg2: + other: https://dev.gnupg.org/D556 +upstream_gnupg2: needs-triage +esm-infra/xenial_gnupg2: deferred (2022-09-28) +trusty_gnupg2: ignored (out of standard support) +xenial_gnupg2: ignored (end of standard support) +bionic_gnupg2: deferred (2022-09-28) +focal_gnupg2: deferred (2022-09-28) +jammy_gnupg2: deferred (2022-09-28) +kinetic_gnupg2: deferred (2022-09-28) +devel_gnupg2: deferred (2022-09-28) \ No newline at end of file diff --git a/lib/lp/bugs/scripts/uct/tests/sampledata/CVE-2023-32637 b/lib/lp/bugs/scripts/uct/tests/sampledata/CVE-2023-32637 new file mode 100644 index 0000000..8b88352 --- /dev/null +++ b/lib/lp/bugs/scripts/uct/tests/sampledata/CVE-2023-32637 
@@ -0,0 +1,28 @@ +Candidate: CVE-2023-32637 +PublicDate: 2023-07-25 06:15:00 UTC +References: + https://jvn.jp/en/jp/JVN35897618/ + https://jbrowse.org/jb2/ + http://gmod.org/wiki/GBrowse + https://www.cve.org/CVERecord?id=CVE-2023-32637 +Description: + GBrowse accepts files with any formats uploaded and places them in the area + accessible through unauthenticated web requests. Therefore, anyone who can + upload files through the product may execute arbitrary code on the server. +Ubuntu-Description: +Notes: + ccdm94> this has likely been fixed in all 2.x versions. +Bugs: +Priority: high + This has a high priority because it is a vulnerability that allows a remote + attacker to execute code in a machine, and it looks to be easily exploitable + given that it involves regular functionalities provided by the application. +Discovered-by: +Assigned-to: +CVSS: + nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL] + +Patches_gbrowse: +upstream_gbrowse: released (2.56+dfsg-1) +trusty_gbrowse: ignored (end of standard support) +xenial_gbrowse: ignored (end of standard support) diff --git a/lib/lp/bugs/scripts/tests/test_uct.py b/lib/lp/bugs/scripts/uct/tests/test_uct.py similarity index 100% rename from lib/lp/bugs/scripts/tests/test_uct.py rename to lib/lp/bugs/scripts/uct/tests/test_uct.py diff --git a/lib/lp/bugs/scripts/tests/test_uctimport.py b/lib/lp/bugs/scripts/uct/tests/test_uctimport.py similarity index 100% rename from lib/lp/bugs/scripts/tests/test_uctimport.py rename to lib/lp/bugs/scripts/uct/tests/test_uctimport.py
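
Review bot: the CVE-2007-0255 fixture ends with "\ No newline at end of file" after "devel_xine-ui: needed" (CVE-2022-3219 does the same after "devel_gnupg2: deferred (2022-09-28)"), while the CVE-2022-23222 and CVE-2023-32637 fixtures end with a newline. Either add the trailing newline to both files, or, if a test relies on the parser handling a final line without one, say so in a comment in the test so the difference is not "fixed" by a later cleanup.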
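
Review bot: in the CVE-2022-23222 fixture the "Bugs:" entries point at mm2/Little-CMS issues and a Debian bug, and both "upstream:" lines under "Patches_linux:" point at 389ds/389-ds-base commits, none of which match the kernel/bpf/verifier.c description above them; "Priority: critical" also sits next to an NVD score of "[7.8 HIGH]" and per-package priorities of medium. If the mixing is deliberate parser coverage, a short note beside the sampledata directory or in the test module stating that these records are synthetic would keep them from being read or copied as real triage data.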
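
Review bot: the four files under lib/lp/bugs/scripts/uct/tests/sampledata/ arrive as additions ("new file mode 100644", "--- /dev/null"), whereas test_uct.py and test_uctimport.py are recorded as renames at "similarity index 100%", and no deletion of the fixtures at their previous location is visible in this diff. Since the description calls this a pure file move, please confirm whether the old copies are removed in this branch or its prerequisite; if they have to stay because other tests still read them, name those tests in the description so the two copies are not left to drift apart.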

