DSA candidates
abiword -- exiv2 -- hdf5 -- icu -- imagemagick -- jython -- libraw -- libvorbis -- mercurial -- opencv -- openexr -- python2.7 -- rtpproxy -- ruby-net-ldap -- sensible-utils -- swi-prolog -- tkabber -- vlc -- whitedune -- chromium-browser/stable -- python3.5/stable -- ruby2.3/stable -- php-horde-crypt/oldstable -- python-werkzeug/oldstable -- python3.4/oldstable -- ruby-http/oldstable -- -- The above is a list of DSA candidates based on the tracker's information. One should evaluate the candidates and either add them to dsa-needed.txt or consider tagging them no-dsa.
Re: SUSE web link changes
On 12/18/2017 08:56 PM, Salvatore Bonaccorso wrote: > I enabled a slight variant of your proposal. Thanks. >> * link to SUSE CVE pages > > I have a question here: Red Hat has similar pages, but I have noticed > that sometimes the CVE pages lack behind to the actual Bugzilla > entries. Is the SUSE one always in sync? The CVE pages will show up as soon as we open a public bug, add a CVE specific note, or release an update referencing the CVE. If the bug was originally embargoed, only the latter. The lag should be 1-2 hours, whenever the generating script runs. But what may have tripped you up is that not every CVE will be used as a bug alias in a 1:1 mapping. Looks good as it is now. Andreas -- Andreas StiegerProject Manager Security SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
Re: SUSE web link changes
Hi Andreas, On Mon, Dec 18, 2017 at 02:53:36PM +0100, Salvatore Bonaccorso wrote: > Hi Andreas, > > Thanks for your contribution! Very much appreciated! > > On Mon, Dec 18, 2017 at 01:41:04PM +0100, Andreas Stieger wrote: > > Hello Debian team, > > > > please consider the following change to the tracker: > > > > * fix SUSE capitalization > > Applied! (and will be updated once security-tracker updated, will do > later). > > > * link to SUSE CVE pages > > I have a question here: Red Hat has similar pages, but I have noticed > that sometimes the CVE pages lack behind to the actual Bugzilla > entries. Is the SUSE one always in sync? I think to remember to have > seen here similar issue. In case of discrepancy I would like to see > still the reference to the bugzilla, so maybe create two references? I enabled a slight variant of your proposal. Patch attached. Thanks a lot for your contribution! Regards, Salvatore >From 0a9f14a5f9352a950946701639a698baac57b6ed Mon Sep 17 00:00:00 2001 From: carnilDate: Mon, 18 Dec 2017 19:52:09 + Subject: [PATCH] Link additionally to bugzilla as well to SUSE's CVE pages Thanks: Andreas Stieger git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@58680 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- bin/tracker_service.py | 13 +++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/bin/tracker_service.py b/bin/tracker_service.py index 35c50adb23..87520ad460 100755 --- a/bin/tracker_service.py +++ b/bin/tracker_service.py @@ -396,8 +396,10 @@ data source.""")], self.make_ubuntu_bug_ref(url, bug.name, 'Ubuntu'), ", ", self.make_gentoo_bug_ref(url, bug.name, 'Gentoo'), - ", ", - self.make_suse_bug_ref(url, bug.name, 'SUSE'), + ", SUSE ", + self.make_suse_bug_ref(url, bug.name, 'bugzilla'), + "/", + self.make_suse_cve_ref(url, bug.name, 'CVE'), ", ", self.make_mageia_bug_ref(url, bug.name, 'Mageia'), ", GitHub ", @@ -1538,6 +1540,8 @@ Debian bug number.'''), def url_suse_bug(self, url, name): return url.absolute("https://bugzilla.novell.com/show_bug.cgi;, id=name) +def url_suse_cve(self, url, name): +return url.absolute("https://www.suse.com/security/cve/%s/; % name) def url_mageia_bug(self, url, name): return url.absolute("https://advisories.mageia.org/%s.html; % name) def url_github_code_bug(self, url, name): @@ -1666,6 +1670,11 @@ Debian bug number.'''), name = cve return A(self.url_suse_bug(url, cve), name) +def make_suse_cve_ref(self, url, cve, name=None): +if name is None: +name = cve +return A(self.url_suse_cve(url, cve), name) + def make_mageia_bug_ref(self, url, cve, name=None): if name is None: name = cve -- 2.15.1
Re: SUSE web link changes
Hi Andreas, Thanks for your contribution! Very much appreciated! On Mon, Dec 18, 2017 at 01:41:04PM +0100, Andreas Stieger wrote: > Hello Debian team, > > please consider the following change to the tracker: > > * fix SUSE capitalization Applied! (and will be updated once security-tracker updated, will do later). > * link to SUSE CVE pages I have a question here: Red Hat has similar pages, but I have noticed that sometimes the CVE pages lack behind to the actual Bugzilla entries. Is the SUSE one always in sync? I think to remember to have seen here similar issue. In case of discrepancy I would like to see still the reference to the bugzilla, so maybe create two references? Regards, Salvatore
SUSE web link changes
Hello Debian team, please consider the following change to the tracker: * fix SUSE capitalization * link to SUSE CVE pages See patch attached, Andreas -- Andreas StiegerProject Manager Security SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) Index: bin/tracker_service.py === --- bin/tracker_service.py (revision 58676) +++ bin/tracker_service.py (working copy) @@ -397,7 +397,7 @@ data source.""")], ", ", self.make_gentoo_bug_ref(url, bug.name, 'Gentoo'), ", ", - self.make_suse_bug_ref(url, bug.name, 'SuSE'), + self.make_suse_bug_ref(url, bug.name, 'SUSE'), ", ", self.make_mageia_bug_ref(url, bug.name, 'Mageia'), ", GitHub ", @@ -1536,8 +1536,7 @@ Debian bug number.'''), def url_gentoo_bug(self, url, name): return url.absolute("https://bugs.gentoo.org/show_bug.cgi;, id=name) def url_suse_bug(self, url, name): -return url.absolute("https://bugzilla.novell.com/show_bug.cgi;, -id=name) +return url.absolute("https://www.suse.com/security/cve/%s/; % name) def url_mageia_bug(self, url, name): return url.absolute("https://advisories.mageia.org/%s.html; % name) def url_github_code_bug(self, url, name): signature.asc Description: OpenPGP digital signature