External check
CVE-2017-2639: RESERVED -- The output might be a bit terse, but the above ids are known elsewhere, check the references in the tracker. The second part indicates the status of that id in the tracker at the moment the script was run.
Re: [PATCH 0/8] Cleanup D*A ist formating
Philipp Hahn wrote: > for my project I need the information which CVE is fixed by which Debian > package. I do that by reading the DSA list. I tried lib/python/bugs.py > first, but at the end wrote my own parser based on some simple regular > expressions. > While doing that I noticed that the lists are formatted inconsistently. On the > one hand you could say "so use our bugs.py parser, which knows how to handle > those exceptions", but making them consistent looks like the better option to > me. > > The following 8 patches do > * lots of white space consolidations, > * add missing / remove double dashes, > * add missing package names in two cases. There's no attachment :-) We can certainly apply the patch for the missing package names, but the other ones seem like pointless churn. Those files are hand-edited and new whitespace/dash changes will inevitably reappear, so you should rather robustify your parser similar to what's done in bugs.py Cheers, Moritz
Re: [PATCH 0/8] Cleanup D*A ist formating
On 05/31/2017 04:47 AM, Sébastien Delafond wrote: > On 2017-05-31, Philipp Hahn wrote: >> for my project I need the information which CVE is fixed by which >> Debian package. I do that by reading the DSA list. I tried >> lib/python/bugs.py first, but at the end wrote my own parser based on >> some simple regular expressions. > Wouldn't https://security-tracker.debian.org/tracker/data/json be a > better source for any kind of automated parsing ? Or maybe directly use > the OVAL files at https://www.debian.org/security/oval/ ? The JSON is the simplest to use and has the benefit of including fixed versions for issues that weren't fixed by DSAs. Just using the DSAs themselves will be an incomplete list. -- Nicholas Luedtke HPE Linux Security, Hewlett-Packard Enterprise signature.asc Description: OpenPGP digital signature
Re: [PATCH 0/8] Cleanup D*A ist formating
On 2017-05-31, Philipp Hahn wrote: > for my project I need the information which CVE is fixed by which > Debian package. I do that by reading the DSA list. I tried > lib/python/bugs.py first, but at the end wrote my own parser based on > some simple regular expressions. Wouldn't https://security-tracker.debian.org/tracker/data/json be a better source for any kind of automated parsing ? Or maybe directly use the OVAL files at https://www.debian.org/security/oval/ ? Cheers, --Seb
[PATCH 0/8] Cleanup D*A ist formating
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, for my project I need the information which CVE is fixed by which Debian package. I do that by reading the DSA list. I tried lib/python/bugs.py first, but at the end wrote my own parser based on some simple regular expressions. While doing that I noticed that the lists are formatted inconsistently. On the one hand you could say "so use our bugs.py parser, which knows how to handle those exceptions", but making them consistent looks like the better option to me. The following 8 patches do * lots of white space consolidations, * add missing / remove double dashes, * add missing package names in two cases. All three lists survive bin/check-syntax successfully. I would welcome it if either you apply them or give me permissions on alioth to commit my myself. Philipp Hahn (8): Use tab for indention Fold multiple spaces Remove space before/after CVE Fold multiple dashes Convert tab-dash to space-dash Separate upstream names only with space Add missing upstream name Separate upstream name and description data/DLA/list |6 +- data/DSA/list | 1224 data/DTSA/list | 74 ++-- 3 files changed, 652 insertions(+), 652 deletions(-) - -- 2.11.0 -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEcBAEBAgAGBQJZLnLBAAoJEDQtBlPRrKzbiIUH/3ekZQxI3dAJWr9xcZ0nzY5i Sf1ZZkEaGMO9wBMTsUAtIdcacaGu7D69ZskDjodhJqubifXGq4bA92CSt4rH4n3i FWlvdqGTrOlZ9dly4lvX/iK2SUgpbBGIkVPAqLsGS42FleWwpPUbfbGuecASaEEk I5HgJ+ut2LS6o6pwudHhcxY6fTFg4lFY0RVPZDKZCXMr04hPfdpUvqYGmw9rgXjf JU9Jeb1oiajaW3kXQ/tW2AuiBAMusb5yqwuOhh7b+xyZayXRC1t63nsgEnqCqRZ7 uL+dixXs5rFwK6ocf/alIgtq8NjbS6v309ZqwegEBvUtKiPjrHOS0qjJTULjh3M= =Nw4E -END PGP SIGNATURE-