https://salsa.debian.org/codehelp/security-tracker/-/commit/2df53b5421cde0c7b1b2dd3343d71aebde2d55b7 https://salsa.debian.org/codehelp/security-tracker/-/raw/grabcvefix/bin/grab-cve-in-fix Dependencies: python3-debian Usage: Download from the raw link as bin/grab-cve-in-fix and make it executable. ./bin/grab-cve-in-fix --help usage: grab-cve-in-fix [-h] [[--email EMAIL] | [--tracker TRACKER]] | [[--src SRC] & [--cves [CVES ...]]] Grab CVE data from a package upload for manual review optional arguments: -h, --help show this help message and exit Online - query either the distro-tracker or debian-devel-changes mail archive: --email EMAIL URL of debian-devel-changes announcement in the list archive --tracker TRACKER URL of tracker.debian.org 'Accepted NEWS' page for unstable Offline - run 'make update-packages' first & specify source package and CVE list: --src SRC Source package name to look up version in local packages files --cves [CVES ...] CVE ID tag with version from local packages files Data is written to a new <source_package>.list file which can be used with './bin/merge-cve-files' Examples: ./bin/grab-cve-in-fix --src freerdp2 --cve CVE-2021-41160 ./bin/grab-cve-in-fix --tracker https://tracker.debian.org/news/1285227/accepted-freerdp2-241dfsg1-1-source-into-unstable/ ./bin/grab-cve-in-fix --email https://lists.debian.org/debian-devel-changes/2021/12/msg01280.html (For these specific examples, data/CVE/list for CVE-2021-41160 would need to be altered, say to <unfixed>, locally.) -- Neil Williams ============= https://linux.codehelp.co.uk/
Attachment:
pgp04BkdkaDO8.pgp
Description: OpenPGP digital signature