On Thu, Feb 21, 2019 at 01:51:07PM -0500, Antoine Beaupré wrote:
> > -> this script is incorrect/broken for DLAs it seems, as
> > https://www.debian.org/lts/security/ does list the DLAs 1677-1681,
> > just DLAs 1682-1685 are missing. And they are called DLA-1234 there,
> > not "DLA 1234-1"...
> Weird. Is your local checkout up to date?
yes
> What if you run in debug mode?
~/Projects/debian-www/cron$ ../cron/parts/10-check-advisories --mode DLA --debug 2>&1 | head -50
INFO: fetching URL https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/DLA/list
DEBUG: Starting new HTTPS connection (1): salsa.debian.org
DEBUG: https://salsa.debian.org:443 "GET /security-tracker-team/security-tracker/raw/master/data/DLA/list HTTP/1.1" 200 47253
INFO: checking DLA-1685-1 (2019)
ERROR: .data or .wml file missing for DLA 1685-1
DEBUG: skipping line: " {CVE-2019-6338}"
DEBUG: skipping line: " [jessie] - drupal7 7.32-1+deb8u15"
INFO: checking DLA-1684-1 (2019)
ERROR: .data or .wml file missing for DLA 1684-1
DEBUG: skipping line: " {CVE-2019-6454}"
DEBUG: skipping line: " [jessie] - systemd 215-17+deb8u10"
INFO: checking DLA-1683-1 (2019)
ERROR: .data or .wml file missing for DLA 1683-1
DEBUG: skipping line: " {CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8794 CVE-2018-8795 CVE-2018-8796 CVE-2018-8797 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20175 CVE-2018-20176 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182}"
DEBUG: skipping line: " [jessie] - rdesktop 1.8.4-0+deb8u1"
INFO: checking DLA-1660-2 (2019)
ERROR: .data or .wml file missing for DLA 1660-2
DEBUG: skipping line: " [jessie] - rssh 2.3.4-4+deb8u3"
INFO: checking DLA-1682-1 (2019)
ERROR: .data or .wml file missing for DLA 1682-1
DEBUG: skipping line: " {CVE-2018-20721}"
DEBUG: skipping line: " [jessie] - uriparser 0.8.0.1-2+deb8u2"
INFO: checking DLA-1681-1 (2019)
ERROR: .data or .wml file missing for DLA 1681-1
DEBUG: skipping line: " {CVE-2019-7659}"
DEBUG: skipping line: " [jessie] - gsoap 2.8.17-1+deb8u2"
INFO: checking DLA-1680-1 (2019)
ERROR: .data or .wml file missing for DLA 1680-1
DEBUG: skipping line: " {CVE-2018-17000 CVE-2018-19210 CVE-2019-7663}"
DEBUG: skipping line: " [jessie] - tiff 4.0.3-12.3+deb8u8"
INFO: checking DLA-1679-1 (2019)
ERROR: .data or .wml file missing for DLA 1679-1
DEBUG: skipping line: " [jessie] - php5 5.6.40+dfsg-0+deb8u1"
INFO: checking DLA-1678-1 (2019)
ERROR: .data or .wml file missing for DLA 1678-1
DEBUG: skipping line: " {CVE-2018-18356 CVE-2018-18500 CVE-2018-18501 CVE-2018-18505 CVE-2018-18509 CVE-2019-5785}"
DEBUG: skipping line: " [jessie] - thunderbird 1:60.5.1-1~deb8u1"
INFO: checking DLA-1677-1 (2019)
ERROR: .data or .wml file missing for DLA 1677-1
DEBUG: skipping line: " {CVE-2018-18356 CVE-2019-5785}"
DEBUG: skipping line: " [jessie] - firefox-esr 60.5.1esr-1~deb8u1"
INFO: checking DLA-1676-1 (2019)
ERROR: .data or .wml file missing for DLA 1676-1
DEBUG: skipping line: " {CVE-2017-15105}"
DEBUG: skipping line: " [jessie] - unbound 1.4.22-3+deb8u4"
INFO: checking DLA-1675-1 (2019)
ERROR: .data or .wml file missing for DLA 1675-1
DEBUG: skipping line: " {CVE-2019-6690}"
DEBUG: skipping line: " [jessie] - python-gnupg 0.3.6-1+deb8u1"
INFO: checking DLA-1674-1 (2019)
> > Also, if this merge request would be merged, it would just run it in
> > normal, DSA, mode. Do you have a suggestion how to run it in DLA mode?
> We could simply change the default here:
>
> parser.add_argument('--mode', default='DSA', choices=('DSA', 'DLA'),
> help='which sort of advisory to check (default: %(default)s)') # noqa: E501
hmm. (and then, what about missing DSAs?)
--
tschau,
Holger
-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
Attachment:
signature.asc
Description: PGP signature