Just to update the scope of this new support for the security-tracker, this part is to be covered by 1001451 - mark CVE <ID> as fixed in unstable in version <VERSION> e.g. ./bin/grab-cve-in-fix --src freerdp2 --cve CVE-2021-41159 (I'm just finalising a script for that bug.) The grab-cve-in-fix support has parsers for different kinds of line sources for the list of CVEs fixed in unstable by a particular upload. I'll work on this bug to provide a helper along these lines: - mark not-affected - add bug number - add a NOTE Something like: ./bin/update-vuln --cve CVE-2021-41159 [--not-affected | --bug | --note] Like grab-cve-in-fix, this would write out a file suitable for manual review and merge using ./bin/merge-cve-files -- Neil Williams ============= https://linux.codehelp.co.uk/
Attachment:
pgpbuM19ne0DZ.pgp
Description: OpenPGP digital signature