Bug#788835: marked as done (tracker.debian.org: Display of CVE links in changes files includes invalid markup)

To: Raphael Hertzog <hertzog@debian.org>
Subject: Bug#788835: marked as done (tracker.debian.org: Display of CVE links in changes files includes invalid markup)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Fri, 11 Dec 2015 21:27:05 +0000
Message-id: <[🔎] handler.788835.D788835.144986901310096.ackdone@bugs.debian.org>
References: <20151211212328.GA28472@home.ouaza.com> <20150615130705.7591.65164.reportbug@jatayu.nanonanonano.net>

Your message dated Fri, 11 Dec 2015 22:23:28 +0100
with message-id <20151211212328.GA28472@home.ouaza.com>
and subject line Re: Bug#788835: tracker.debian.org: Display of CVE links in changes files includes invalid markup
has caused the Debian Bug report #788835,
regarding tracker.debian.org: Display of CVE links in changes files includes invalid markup
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
788835: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=788835
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: tracker.debian.org: Display of CVE links in changes files includes invalid markup

From: Stuart Prescott <stuart@debian.org>

Date: Mon, 15 Jun 2015 23:07:05 +1000

Message-id: <20150615130705.7591.65164.reportbug@jatayu.nanonanonano.net>
Package: tracker.debian.org
Severity: normal

Hi!

The rendering of CVE items in the changelog section of the changes files
includes invalid HTML markup. As an example:

   https://tracker.debian.org/news/584136

which includes

   konversation (1.5-2) unstable; urgency=medium
   .
     * Backport fix for CVE-2014-8483 in cve-2014-8483.patch
       See CVE-2014-8483">https://security-tracker.debian.org/tracker/CVE-2014-8483
       (Closes: #768191)

(with the CVE duplicated and the "> visible in the browser).

cheers
Stuart
--- End Message ---

--- Begin Message ---

To: Stuart Prescott <stuart@debian.org>, 788835-done@bugs.debian.org

Subject: Re: Bug#788835: tracker.debian.org: Display of CVE links in changes files includes invalid markup

From: Raphael Hertzog <hertzog@debian.org>

Date: Fri, 11 Dec 2015 22:23:28 +0100

Message-id: <20151211212328.GA28472@home.ouaza.com>

In-reply-to: <20150616070745.GB29944@home.ouaza.com>

References: <20150615130705.7591.65164.reportbug@jatayu.nanonanonano.net> <20150616070745.GB29944@home.ouaza.com>
On Tue, 16 Jun 2015, Raphael Hertzog wrote:
> Duh, the maintainer included the link
> "https://security-tracker.debian.org/tracker/CVE-2014-8483"; in the
> changelog and that text link is transformed into a real link
> twice, once for the full link and once for the string "CVE-2014-8483".
> 
> And obviously a link embedded in another link doesn't give the expected
> result..

Fixed this by further restricting the way we match CVE numbers. We now
require a space before the CVE number.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
--- End Message ---

Reply to:

Prev by Date: Bug#788074: marked as done (Mail delivery failed: returning message to sender)
Next by Date: Bug#784147: marked as done (tracker.debian.org: please specify Content-Type and charset when serving changelogs)
Previous by thread: Bug#788074: marked as done (Mail delivery failed: returning message to sender)
Next by thread: Bug#784147: marked as done (tracker.debian.org: please specify Content-Type and charset when serving changelogs)
Index(es):
- Date
- Thread