
Bug#1001451: Candidate script



Hi,

On Fri, Dec 17, 2021 at 11:57:34AM +0000, Neil Williams wrote:
> https://salsa.debian.org/codehelp/security-tracker/-/commit/2df53b5421cde0c7b1b2dd3343d71aebde2d55b7
> 
> https://salsa.debian.org/codehelp/security-tracker/-/raw/grabcvefix/bin/grab-cve-in-fix
> 
> Dependencies: python3-debian
> 
> Usage: Download from the raw link as bin/grab-cve-in-fix and make it executable.
> 
> ./bin/grab-cve-in-fix --help
> 
> usage: grab-cve-in-fix [-h] [[--email EMAIL] | [--tracker TRACKER]] | [[--src SRC] & [--cves [CVES ...]]]
> 
> Grab CVE data from a package upload for manual review
> 
> optional arguments:
>   -h, --help         show this help message and exit
> 
> Online - query either the distro-tracker or debian-devel-changes mail archive:
>   --email EMAIL      URL of debian-devel-changes announcement in the list archive
>   --tracker TRACKER  URL of tracker.debian.org 'Accepted NEWS' page for unstable
> 
> Offline - run 'make update-packages' first & specify source package and CVE list:
>   --src SRC          Source package name to look up version in local packages files
>   --cves [CVES ...]  CVE ID tag with version from local packages files
> 
> Data is written to a new <source_package>.list file which can be used with './bin/merge-cve-files'
> 
> 
> Examples:
> 
> ./bin/grab-cve-in-fix --src freerdp2 --cve CVE-2021-41160
> 
> ./bin/grab-cve-in-fix --tracker https://tracker.debian.org/news/1285227/accepted-freerdp2-241dfsg1-1-source-into-unstable/
> 
> ./bin/grab-cve-in-fix --email https://lists.debian.org/debian-devel-changes/2021/12/msg01280.html
> 
> (For these specific examples, data/CVE/list for CVE-2021-41160 would need to be altered, say to <unfixed>, locally.)

Nice! I will need (or want) to try to experiment with it a bit on
appearing real cases.

Regards,
Salvatore

