Bug#812410: tracker_data.py: not-affected returned as resolved
Package: security-tracker
Severity: normal
Hi,
CVE-2015-7496 is currently marked as not-affected in squeeze in
data/CVE/list. The returned JSON for squeeze looks like:

    "CVE-2015-7496": {
      "description": "GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.",
      "releases": {
        ...
        "squeeze": {
          "fixed_version": "0",
          "repositories": {
            "squeeze": "2.30.5-6squeeze5",
            "squeeze-security": "2.30.5-6squeeze2"
          },
          "status": "resolved",
          "urgency": "unimportant"
        },
        ...
      }

tracker_data.py then interprets this as

    elif data['status'] == 'resolved':
        status = 'resolved'
        reason = 'fixed in {}'.format(
            self.data['releases'][release]['fixed_version'])

instead of the expected not-affected (see attached example). Since the
tracker_server doesn't seem to know about "not-affected" I wonder if
this should be fixed in tracker_data or the tracker_service?
Cheers,
-- Guido

#!/usr/bin/python
import sys
from tracker_data import TrackerData

tracker = TrackerData(update_cache=False)
for pkg in tracker.iterate_packages():
    if pkg == 'gdm3':
        for issue in tracker.iterate_pkg_issues(pkg):
            status = issue.get_status('lts')
            if issue.name == 'CVE-2015-7496':
                print "%s: %s %s %s" % (pkg,
                                        issue.name,
                                        status.status,
                                        status.reason)
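
Added example (not part of the original report and not the security-tracker's own code): one way a client of the JSON could tell "fixed" apart from "not affected", assuming that "fixed_version": "0" on a resolved entry is how not-affected is encoded, as the squeeze sample in the report suggests. classify_release, NOT_AFFECTED_VERSION and the two entries marked constructed are hypothetical.

```python
import json

# Assumption taken from the JSON sample in the report: a release entry with
# "status": "resolved" and "fixed_version": "0" encodes not-affected.
NOT_AFFECTED_VERSION = "0"

# Release entry for squeeze copied from the report, plus two constructed
# entries (names, versions and statuses invented for illustration).
SAMPLE = json.loads("""
{
  "squeeze": {
    "fixed_version": "0",
    "repositories": {
      "squeeze": "2.30.5-6squeeze5",
      "squeeze-security": "2.30.5-6squeeze2"
    },
    "status": "resolved",
    "urgency": "unimportant"
  },
  "constructed-fixed": {
    "fixed_version": "1.2.3-1",
    "repositories": {"constructed-fixed": "1.2.3-1"},
    "status": "resolved",
    "urgency": "medium"
  },
  "constructed-open": {
    "repositories": {"constructed-open": "1.0-1"},
    "status": "open",
    "urgency": "medium"
  }
}
""")


def classify_release(entry):
    """Return (status, reason) for one entry under "releases"."""
    status = entry.get("status")
    if status != "resolved":
        return status, None
    fixed = entry.get("fixed_version")
    if fixed == NOT_AFFECTED_VERSION:
        # Nothing was ever fixed here; reporting "fixed in 0" is misleading.
        return "not-affected", "release is not affected"
    if fixed is None:
        return "resolved", "no fixed version recorded"
    return "resolved", "fixed in {}".format(fixed)


if __name__ == "__main__":
    for name, entry in sorted(SAMPLE.items()):
        print(name, *classify_release(entry))
```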