JSON export: fix incorrect BTS references (!227) · Merge requests · Debian Security Tracker / security-tracker

Emmanuel Arias requested to merge eamanu/security-tracker:fix-6 into master Jul 11, 2025

The current code associates CVE and BTS ids, but doesn't know how to discriminate multiple packages for the same CVE, resulting in the same BTS ID being used for all packages affected by the same CVE.

The current query relies on the debian_cve view (not used anywhere else) which is a bit buggy and returns too many lines due to an extra FROM table.

This fixes and simplifies debian_cve by using the package field. Then use the new package field to select the right BTS ID.

Closes: #6 (closed)

Edited Jul 12, 2025 by Sylvain Beucler

JSON export: fix incorrect BTS references

Merge request reports