On Mon, 16 Mar 2015, Raphael Hertzog wrote:
> On Mon, 09 Mar 2015, Holger Levsen wrote:
> > I have deployed this now. It might be that fixed_version=0 means "not
> > affected" but I'm not sure yet and my mind wants a break (for a moment)...
>
> Another nice thing to add in the generated file is whether the package is
> listed in dsa-needed.txt and dla-needed.txt.
>
> That would be two boolean fields at the source package level (default value
> of False if missing).

I'm currently trying to use the generated json but the data below the
releases field doesn't correspond to what we discussed. It contains entries
like wheezy-security or squeeze-security when it was supposed to have only
the underlying release names "squeeze" or "wheezy".

Example with CVE-2014-9663 in freetype if you need one:

    {
      "debianbug": 777656,
      "description": "The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.",
      "issue": "CVE-2014-9663",
      "releases": {
        "jessie": {
          "status": "resolved",
          "urgency": "high**",
          "version": "2.5.2-3"
        },
        "sid": {
          "status": "resolved",
          "urgency": "high**",
          "version": "2.5.2-3"
        },
        "squeeze-security": {
          "status": "open",
          "urgency": "high**",
          "version": "2.4.2-2.1+squeeze4"
        },
        "wheezy-security": {
          "status": "resolved",
          "urgency": "high**",
          "version": "2.4.9-1.1+deb7u1"
        }
      },
      "repositories": {
        "jessie": "2.5.2-3",
        "sid": "2.5.2-4",
        "squeeze": "2.4.2-2.1+squeeze4",
        "squeeze-security": "2.4.2-2.1+squeeze4",
        "wheezy": "2.4.9-1.1",
        "wheezy-security": "2.4.9-1.1+deb7u1"
      },
      "scope": "remote"
    },

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
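
Added example, not part of the original message or of the security tracker's own code: a consumer-side check in Python that flags keys under "releases" carrying a "-security" suffix, as in the CVE-2014-9663 entry quoted above, and re-keys them by underlying release name. The sample is constructed from that entry; the function names and the choice to check only the "-security" suffix are assumptions made for illustration.

```python
import json

# Constructed sample: "issue" and "releases" copied from the entry quoted above.
SAMPLE = json.loads("""
{
  "issue": "CVE-2014-9663",
  "releases": {
    "jessie": {"status": "resolved", "urgency": "high**", "version": "2.5.2-3"},
    "sid": {"status": "resolved", "urgency": "high**", "version": "2.5.2-3"},
    "squeeze-security": {"status": "open", "urgency": "high**",
                         "version": "2.4.2-2.1+squeeze4"},
    "wheezy-security": {"status": "resolved", "urgency": "high**",
                        "version": "2.4.9-1.1+deb7u1"}
  }
}
""")

SUFFIX = "-security"  # assumption: the only repository suffix checked here


def suffixed_release_keys(entry):
    """Return keys under "releases" that name a repository, not a release."""
    return sorted(k for k in entry.get("releases", {}) if k.endswith(SUFFIX))


def normalize_releases(entry):
    """Return entry["releases"] re-keyed by underlying release name.

    Raises ValueError when a suffixed key and its base release are both
    present with different data, because the right merge is then ambiguous.
    """
    out = {}
    for key, data in entry.get("releases", {}).items():
        base = key[: -len(SUFFIX)] if key.endswith(SUFFIX) else key
        if base in out and out[base] != data:
            raise ValueError(f"{entry.get('issue')}: conflicting data for {base!r}")
        out[base] = data
    return out


if __name__ == "__main__":
    print("non-conforming keys:", suffixed_release_keys(SAMPLE))
    print(json.dumps(normalize_releases(SAMPLE), indent=2, sort_keys=True))
```
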