Package: security-tracker Severity: normal Hi, CVE-2015-7496 is currently marked as not-affected in squeeze in data/CVE/list. The returned JSON for squeeze looks like:
"CVE-2015-7496": { "description": "GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.", "releases": { ... "squeeze": { "fixed_version": "0", "repositories": { "squeeze": "2.30.5-6squeeze5", "squeeze-security": "2.30.5-6squeeze2" }, "status": "resolved", "urgency": "unimportant" }, ... } tracker_data.py then interprets this as elif data['status'] == 'resolved': status = 'resolved' reason = 'fixed in {}'.format( self.data['releases'][release]['fixed_version']) instead of the expected not-affected (see attached example). Since the tracker_server doesn't seem to know about "not-affected" I wonder if this should be fixed in tracker_data or the tracker_service? Cheers, -- Guido
#!/usr/bin/python import sys from tracker_data import TrackerData tracker = TrackerData(update_cache=False) for pkg in tracker.iterate_packages(): if pkg == 'gdm3': for issue in tracker.iterate_pkg_issues(pkg): status = issue.get_status('lts') if issue.name == 'CVE-2015-7496': print "%s: %s %s %s" % (pkg, issue.name, status.status, status.reason)