[Git][security-tracker-team/security-tracker][master] 2 commits: Identify CVEs covered by a DLA and not a DSA

Fri, 11 Jul 2025 07:09:03 -0700 


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
55d01a6e by Francois Lesueur at 2025-07-11T14:08:45+00:00
Identify CVEs covered by a DLA and not a DSA

Fixes https://salsa.debian.org/lts-team/lts-extra-tasks/-/issues/69

- - - - -
d74b1cc5 by Roberto C. Sánchez at 2025-07-11T14:08:45+00:00
Merge branch 'master' into 'master'

Identify CVEs covered by a DLA and not a DSA

See merge request security-tracker-team/security-tracker!220
- - - - -


2 changed files:

- bin/lts-cve-triage.py
- bin/tracker_data.py


Changes:

=====================================
bin/lts-cve-triage.py
=====================================
@@ -24,6 +24,7 @@ import re
 
 from tracker_data import TrackerData
 from unsupported_packages import UnsupportedPackages, LimitedSupportPackages
+from debian_support import PointUpdateParser
 
 import config
 
@@ -80,6 +81,8 @@ LIST_NAMES = (
      .format(**RELEASES)),
     ('undetermined',
      ('Undetermined issues in {lts}').format(**RELEASES)),
+    ('to_forward',
+     ('Issues fixed in {lts} but not in {next_lts}').format(**RELEASES)),
 )
 
 lists = collections.defaultdict(lambda: collections.defaultdict(lambda: []))
@@ -103,6 +106,7 @@ limited = LimitedSupportPackages(codename=RELEASES['lts'],
 unsupported_re = re.compile('|'.join(unsupported))
 limited_re = re.compile('|'.join(limited))
 
+pu_expected = PointUpdateParser.parseNextPointUpdateStable()
 
 def add_to_list(key, pkg, issue):
     assert key in [l[0] for l in LIST_NAMES]
@@ -114,6 +118,13 @@ for pkg in tracker.iterate_packages():
         status_in_lts = issue.get_status(RELEASES['lts'])
         status_in_next_lts = issue.get_status(RELEASES['next_lts'])
 
+        if ((status_in_lts.status == 'resolved' and status_in_lts.reason != 
'fixed in 0' and status_in_lts.urgency != 'unimportant')
+                and (status_in_next_lts.status not in ('resolved', 
'not-affected')
+                    and (status_in_next_lts.status != 'ignored' or 
issue.data['releases'].get(RELEASES['next_lts'], {}).get('nodsa_reason', 
'ignored') != 'ignored')
+                )
+                and issue.name not in pu_expected):
+            add_to_list('to_forward', pkg, issue)
+
         if status_in_lts.status in ('not-affected', 'resolved'):
             continue
 


=====================================
bin/tracker_data.py
=====================================
@@ -144,12 +144,13 @@ class TrackerData(object):
 
 class IssueStatus(object):
 
-    def __init__(self, status, reason=None):
+    def __init__(self, status, reason=None, urgency=None):
         self.status = status
         self.reason = reason
+        self.urgency = urgency
 
     def __str__(self):
-        return str((self.status, self.reason))
+        return str((self.status, self.reason, self.urgency))
 
 class Issue(object):
     '''Status of a security issue'''
@@ -160,6 +161,8 @@ class Issue(object):
 
     def get_status(self, release):
         data = self.data['releases'].get(release)
+        urgency = data['urgency'] if data else 'unimportant'
+
         if data is None:
             status = 'not-affected'
             # XXX: ask for data to differentiate between "package not in
@@ -187,4 +190,4 @@ class Issue(object):
         else:
             status = 'open'
             reason = 'nobody fixed it yet'
-        return IssueStatus(status, reason)
+        return IssueStatus(status, reason, urgency)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3a9a5b668ae328355f065035cf0075d38d003bcd...d74b1cc52b0563c9dced6ba9eb19a8576557c6c3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3a9a5b668ae328355f065035cf0075d38d003bcd...d74b1cc52b0563c9dced6ba9eb19a8576557c6c3
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to