
Bug#1001453: marked as done (security-tracker: extend support for bug reporting to update the CVE list with the bug number)



Your message dated Thu, 3 Feb 2022 11:07:06 +0000
with message-id <20220203110706.1404efb1@felix.codehelp>
and subject line Merged
has caused the Debian Bug report #1001453,
regarding security-tracker: extend support for bug reporting to update the CVE list with the bug number
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1001453: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001453
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: security-tracker
Severity: wishlist
X-Debbugs-Cc: codehelp@debian.org

Adding this as a wishlist bug, arising from existing ideas and
discussions with the security team.

'bin/report-vuln' is useful to standardise reports to the BTS but there
is then a manual step of updating data/CVE/list with the bug number.

A tool to automate a syntactically correct change to a specific CVE
would be a useful extension of this support, not just to add the bug number
once the email is received from the BTS but to also make other standard
changes:

- mark CVE <ID> as fixed in unstable in version <VERSION>
- mark a given released suite (stable/oldstable/LTS) as <not-affected>
  for a specific CVE ID
- add a bug number to an existing CVE entry
- add a NOTE: entry to an existing CVE

Implement with a view that the requests could be integrated into
tracker.d.o so that a merge request can be generated against the
security tracker or a syntactically valid snippet can be generated that
can be merged into the tracker after review.

The parsing support would be similar to existing scripts and tools and
to the support proposed for #1001451 - this tool is focused on changes
to a specific CVE.

--- End Message ---
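
One of the changes the request lists, adding a bug number to an existing CVE entry, shown as an added example; it is not the security tracker's own code and not the merged commit. The entry layout (a CVE header line followed by tab-indented package, suite and NOTE lines), the hypothetical `add_bug` helper and the sample entries are assumptions constructed for illustration.

```python
import re

# Constructed sample in the layout assumed for data/CVE/list:
# a CVE header line, then tab-indented package, suite and NOTE lines.
SAMPLE = (
    "CVE-2099-0002 (Constructed entry for another package)\n"
    "\t- otherpkg 2.0-1\n"
    "CVE-2099-0001 (Constructed entry used for this example)\n"
    "\t- examplepkg <unfixed>\n"
    "\t[bullseye] - examplepkg <not-affected> (Vulnerable code not present)\n"
    "\tNOTE: https://example.org/advisory\n"
)

HEADER = re.compile(r"^(CVE-\d{4}-\d{4,})\b")
BUG = re.compile(r"\(.*\bbug #(\d+)\b.*\)\s*$")


def add_bug(text, cve_id, package, bug):
    """Return text with '(bug #N)' added to the unstable line of one CVE."""
    if not (isinstance(bug, int) and bug > 0):
        raise ValueError("bug number must be a positive integer")
    lines = text.split("\n")
    current, seen_cve = None, False
    for i, line in enumerate(lines):
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            seen_cve = seen_cve or current == cve_id
            continue
        # Only the "\t- package ..." line without a suite prefix describes
        # unstable; "[suite] - package ..." lines are left untouched.
        if current != cve_id or not line.startswith("\t- " + package + " "):
            continue
        existing = BUG.search(line)
        if existing:
            if int(existing.group(1)) == bug:
                return text  # already recorded, so the edit is idempotent
            raise ValueError("entry already references bug #" + existing.group(1))
        if line.rstrip().endswith(")"):
            # Other annotations present: refuse rather than guess the syntax.
            raise ValueError("line has other annotations; edit by hand")
        lines[i] = line.rstrip() + " (bug #%d)" % bug
        return "\n".join(lines)
    raise KeyError(cve_id if not seen_cve else package)
```

The helper refuses any line it cannot change unambiguously, so every change it does make is small enough to review as a one-line diff before merging.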
--- Begin Message ---
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38fc7543c6e8fc4a2d15540fd63b837218361e8f

Incremental work will continue from here for feature requests and to
run tests on the bin/ and lib/ scripts (on branches or possibly on
schedules).

-- 
Neil Williams
=============
https://linux.codehelp.co.uk/

--- End Message ---