Adding autopkgtests for CVEs

To: debian-lts@lists.debian.org
Subject: Adding autopkgtests for CVEs
From: Chris Lamb <lamby@debian.org>
Date: Mon, 25 Sep 2017 08:08:19 +0100
Message-id: <[🔎] 1506323299.2231538.1117043016.7FF73E6C@webmail.messagingengine.com>

Hi -lts,

I recently had some success adding an autopkgtest for a CVE and
thought I might share:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=874059;filename=874059.diff.txt;msg=29

You generate the uuencode input with "uuencode -m -".

Note that I added a "smoke test" for the non-CVE-related
codepaths; if I just tested whether the reproducer was rejected,
this could mask that I broke the regular operation of the package.


Best wishes,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

Reply to:

Follow-Ups:
- Re: Adding autopkgtests for CVEs
  - From: Guido Günther <agx@sigxcpu.org>

Prev by Date: Wheezy update of otrs2?
Next by Date: Re: Adding autopkgtests for CVEs
Previous by thread: Re: Wheezy update of otrs2?
Next by thread: Re: Adding autopkgtests for CVEs
Index(es):
- Date
- Thread