On Tue, Oct 11, 2011 at 12:38:27PM -0400, David Prévot wrote:
> Thanks for your hint, Javier (author of the script used to generate
> those) and the security team CCed to gather more information.

Hi,

I've reviewed this issue fully and have adjusted the Makefile to try to make it more evident when the script fails and empty files are generated due to issues in the scripts or the data files that are parsed.

There are several issues here, some I've fixed and some that need input from the security team.

The problem comes from the changes introduced in DSA 2134 onwards. The .data files of those DSA no longer include:

a) the 'header' (<h3>) that was used by the parser to extract the "affected" release information. This information now is only available in the .wml files, but is not easily parsed.

b) the packages information which was used to determine which specific platforms were affected

Security Team: would you agree if I modified all the 2010 and 2011 advisories to include a new tag (which would not be printed, yet) to make it possible to document which releases were affected by each DSA? See attached an example patch for one DSA (2135). This header would be useful for the OVAL parser to generate the definitions.

Web team: if the security team agrees I would update all DSA files from 2135 to 2322 to include that header. That would ensure that we have some OVAL definitions.

Best regards,

Javier
Index: dsa-2135.data =================================================================== RCS file: /cvs/webwml/webwml/english/security/2010/dsa-2135.data,v retrieving revision 1.2 diff -u -r1.2 dsa-2135.data --- dsa-2135.data 31 Dec 2010 01:10:31 -0000 1.2 +++ dsa-2135.data 11 Oct 2011 23:47:41 -0000 @@ -5,6 +5,7 @@ <define-tag isvulnerable>yes</define-tag> <define-tag fixed>yes</define-tag> <define-tag fixed-section>no</define-tag> +<define-tag affected_release>5.0</define-tag> #use wml::debian::security
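Review bot: the added line `<define-tag affected_release>5.0</define-tag>` names the tag with an underscore, while the context line directly above it (`fixed-section`) uses a hyphen; consider `affected-release` so the new tag matches the existing naming, unless the underscore is deliberate. The value here is a single version number, so before the same line is added to the other advisories it would help to state how an advisory affecting more than one release is to be written (separator, and version number versus codename), because the OVAL parser will depend on that format. A short comment in the .data file or in the parser documentation saying that the tag is read by the OVAL generator and is not rendered would also make its purpose clear to later editors.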