Processed: closing 761963
Processing commands for cont...@bugs.debian.org:

> close 761963
Bug #761963 [security-tracker] security-tracker: consolidate vulnerable/fixed per release in overviews
Bug #762288 [security-tracker] security-tracker: available versions table is unnecessary
Marked Bug as done
Marked Bug as done
> thanks
Stopping processing here.

Please contact me if you need assistance.
--
761963: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761963
762288: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762288
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#660190: marked as done (security-tracker: add per-maintainer page (with half-baked patch))
Your message dated Thu, 6 Jun 2019 21:56:55 +0200 with message-id <20190606195655.GA12735@eldamar.local> and subject line Re: Bug#507303: security-tracker: please provide a per-maintainer report has caused the Debian Bug report #507303, regarding security-tracker: add per-maintainer page (with half-baked patch) to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
507303: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507303
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: security-tracker
Severity: wishlist

The attached patch implements a first pass at a per-maintainer page of security issues. It involves some database schema changes so it will require a full reimport of all the data.

My SQL knowledge isn't great, so there are some deficiencies:

I'm not sure if adding another table is the right way to go, nor if I used the right table name.

I'm not sure if the getBugsForMaintainer is correct, especially wrt version numbers/releases/etc.

I am not sure how to implement a getDSAsForMaintainer function to add DSAs related to the maintainer at the bottom of the page.

--
bye,
pabs

http://wiki.debian.org/PaulWise

Index: lib/python/security_db.py === --- lib/python/security_db.py (revision 18462) +++ lib/python/security_db.py (working copy) @@ -38,6 +38,7 @@ import sys import types import zlib +import email.utils import debian_support import dist_config 
@@ -123,6 +124,9 @@ # Enable WAL. This means that updates will not block readers. c.execute("PRAGMA journal_mode = WAL") +# Enable foreign keys +c.execute("PRAGMA foreign_keys=ON") + self.schema_version = 22 self._initFunctions() @@ -198,15 +202,23 @@ cursor.execute( """CREATE TABLE source_packages -(name TEXT NOT NULL, +(id INTEGER, +name TEXT NOT NULL, release TEXT NOT NULL, subrelease TEXT NOT NULL, archive TEXT NOT NULL, version TEXT NOT NULL, version_id INTEGER NOT NULL DEFAULT 0, -PRIMARY KEY (name, release, subrelease, archive))""") +UNIQUE (name, release, subrelease, archive), +PRIMARY KEY(id ASC))""") cursor.execute( +"""CREATE TABLE source_package_maintainers +(source_package_id INTEGER NOT NULL, +maintainer TEXT NOT NULL, +FOREIGN KEY(source_package_id) REFERENCES source_packages(id) ON DELETE CASCADE)""") + +cursor.execute( """CREATE TABLE binary_packages (name TEXT NOT NULL, release TEXT NOT NULL, @@ -348,14 +360,14 @@ AND sidp.release = 'sid' AND sidp.subrelease = '' AND sidp.archive = sp.archive AND sidst.bug_name = st.bug_name -AND sidst.package = sidp.rowid) AS unstable_vulnerable, +AND sidst.package = sidp.id) AS unstable_vulnerable, COALESCE((SELECT NOT vulnerable FROM source_packages AS tsecp, source_package_status AS tsecst WHERE tsecp.name = sp.name AND tsecp.release = 'wheezy' AND tsecp.subrelease = 'security' AND tsecp.archive = sp.archive AND tsecst.bug_name = st.bug_name -AND tsecst.package = tsecp.rowid), 0) AS testing_security_fixed, +AND tsecst.package = tsecp.id), 0) AS testing_security_fixed, (SELECT range_remote FROM nvd_data WHERE cve_name = st.bug_name) AS remote, (EXISTS (SELECT * FROM package_notes_nodsa AS pnd 
@@ -363,7 +375,7 @@ AND pnd.package = sp.name AND pnd.release = 'wheezy')) AS no_dsa FROM source_package_status AS st, source_packages AS sp -WHERE st.vulnerable > 0 AND sp.rowid = st.package +WHERE st.vulnerable > 0 AND sp.id = st.package AND sp.release = 'wheezy' AND sp.subrelease = '' ORDER BY sp.name, st.urgency, st.bug_name""") @@ -380,7 +392,7 @@ AND pnd.package = sp.name AND pnd.release = '%s')) AS no_dsa FROM source_package_status AS st, source_packages AS sp -WHERE st.vulnerable > 0 AND sp.rowid = st.package +WHERE st.vulnerable > 0 AND sp.id = st.package AND sp.release = '%s' AND sp.subrelease = '' AND NOT COALESCE((SELECT NOT vulnerable FROM source_packages AS
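Review bot: In the @@ -123,6 +124,9 @@ hunk, `self.schema_version = 22` is left unchanged even though the following hunk adds an `id` column to `source_packages` and creates `source_package_maintainers`. Bump the schema version in the same change so that a database built with the old layout is not mistaken for a current one and then queried with `sp.id` against a table that has no such column. Separately, SQLite applies `PRAGMA foreign_keys=ON` per connection, so the `ON DELETE CASCADE` on the new table only takes effect for connections opened through this code path; a comment saying so next to the pragma would help.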
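Review bot: `source_package_maintainers` in the @@ -198,15 +202,23 @@ hunk has neither a uniqueness constraint nor an index on `maintainer`. Nothing prevents the same (source_package_id, maintainer) pair from being inserted twice, and a per-maintainer lookup has to scan the whole table. Suggest adding `UNIQUE (source_package_id, maintainer)` and an index on `maintainer`. On the `source_packages` side, `id INTEGER` with `PRIMARY KEY(id ASC)` is an alias for the rowid in SQLite, so the `rowid` to `id` renames in the later hunks keep joining the same rows; that is worth stating in the commit message, since the patch author asks whether the schema change is right.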
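Review bot: The query touched by the @@ -380,7 +392,7 @@ hunk still builds its release filter by string substitution (`AND pnd.release = '%s'` and `AND sp.release = '%s'` in the context lines). Since this statement is being edited anyway, pass the release as a bound `?` parameter to `cursor.execute` so the value is never parsed as SQL text. The visible lines do not show where the release string comes from, so this is worth checking before the new per-maintainer queries copy the same pattern.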
Bug#507303: security-tracker: please provide a per-maintainer report
Hi Raphael,

On Sat, Nov 29, 2008 at 03:10:21PM -0600, Raphael Geissert wrote:
> Package: security-tracker
> Severity: wishlist
>
> It would be great to provide such report, as to have a link to it on
> the DDPO.

While looking at some open bugs for the security-tracker I encountered this one. I think the Debian maintainer dashboard might be a better option to include this overview (actually it does show already open security issues in one maintainer's view).

Regards,
Salvatore
Bug#507303: marked as done (security-tracker: please provide a per-maintainer report)
Your message dated Thu, 6 Jun 2019 21:56:55 +0200 with message-id <20190606195655.GA12735@eldamar.local> and subject line Re: Bug#507303: security-tracker: please provide a per-maintainer report has caused the Debian Bug report #507303, regarding security-tracker: please provide a per-maintainer report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
507303: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507303
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: security-tracker
Severity: wishlist

It would be great to provide such report, as to have a link to it on the DDPO.

Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
--- End Message ---

--- Begin Message ---
Hi Raphael,

On Sat, Nov 29, 2008 at 03:10:21PM -0600, Raphael Geissert wrote:
> Package: security-tracker
> Severity: wishlist
>
> It would be great to provide such report, as to have a link to it on
> the DDPO.

While looking at some open bugs for the security-tracker I encountered this one. I think the Debian maintainer dashboard might be a better option to include this overview (actually it does show already open security issues in one maintainer's view).

Regards,
Salvatore
--- End Message ---
Bug#908678: Update on the security-tracker git discussion
Hi Daniel,

On Thu, Jun 06, 2019 at 08:35:47AM +0200, Daniel Lange wrote:
> On 06.06.19 at 07:31, Salvatore Bonaccorso wrote:
> > Could you again point me to your split-up variant mirror?
>
> https://git.faster-it.de/debian_security_security-tracker_split_files/

Thanks!

While starting to look at it, could you change the splitting to $year.list instead of list.$year? I know this comes from the initial script which was committed. It is though more intuitive working with $work.something than something.$year in this context.

Thanks already!

Regards,
Salvatore
Bug#908678: Update on the security-tracker git discussion
On 06.06.19 at 07:31, Salvatore Bonaccorso wrote:
> Could you again point me to your split-up variant mirror?

https://git.faster-it.de/debian_security_security-tracker_split_files/
External check
CVE-2015-5201: missing from list
CVE-2015-5202: missing from list
CVE-2015-5203: missing from list
CVE-2015-5210: missing from list
CVE-2015-5211: missing from list
CVE-2015-5212: missing from list
CVE-2017-15123: RESERVED
CVE-2019-10156: RESERVED
CVE-2019-10328: TODO: check
--
The output might be a bit terse, but the above ids are known elsewhere, check the references in the tracker. The second part indicates the status of that id in the tracker at the moment the script was run.