[Spacewalk-devel] [PATCH] broken CVE URL in updateinfo.xml generated by spacewalk

Tue, 21 Jan 2014 02:54:33 -0800 

Hi,

just found a bug which cause CVE references in updateinfo.xml.gz files look 
like this:


<reference 
href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=com.redhat.rhn.domain.errata.Cve@3e28377d";
 id="CVE-1999-9999" type="cve"/>

The attached patch should fix this.

-- 
Regards

        Michael Calmer

--------------------------------------------------------------------------
Michael Calmer
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
T: +49 (0) 911 74053 0
F: +49 (0) 911 74053575  - e-mail: michael.cal...@suse.com
--------------------------------------------------------------------------
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer
HRB 16746 (AG Nürnberg)

>From 0613fb443f2c9a0cf164444606cbde2328420d21 Mon Sep 17 00:00:00 2001
From: Michael Calmer <m...@suse.de>
Date: Tue, 21 Jan 2014 11:29:24 +0100
Subject: [PATCH] fix CVE URL in updateinfo references

---
 .../src/com/redhat/rhn/taskomatic/task/repomd/UpdateInfoWriter.java  | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/java/code/src/com/redhat/rhn/taskomatic/task/repomd/UpdateInfoWriter.java b/java/code/src/com/redhat/rhn/taskomatic/task/repomd/UpdateInfoWriter.java
index fcd465b..9654085 100644
--- a/java/code/src/com/redhat/rhn/taskomatic/task/repomd/UpdateInfoWriter.java
+++ b/java/code/src/com/redhat/rhn/taskomatic/task/repomd/UpdateInfoWriter.java
@@ -241,11 +241,12 @@ public class UpdateInfoWriter extends RepomdWriter {
         iter = erratum.getCves().iterator();
         while (iter.hasNext()) {
             Cve cve = (Cve) iter.next();
+            String cveid = sanitize(0L, cve.getName());
 
             SimpleAttributesImpl attr = new SimpleAttributesImpl();
             attr.addAttribute("href",
-                    "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name="; + cve);
-            attr.addAttribute("id", sanitize(0L, cve.getName()));
+                    "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name="; + cveid);
+            attr.addAttribute("id", cveid);
             attr.addAttribute("type", "cve");
             handler.startElement("reference", attr);
             handler.endElement("reference");
-- 
1.8.1.4


_______________________________________________
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel

Reply via email to