Skip to content
Commits on Source (2)
Show whitespace changes
Inline Side-by-side
data/CVE/list
View file @ 26eb84f9
......@@ -3,7 +3,7 @@ CVE-2018-10754 (In ncurses before 6.1.20180414, there is a NULL Pointer Derefere
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1566575
NOTE: https://invisible-island.net/ncurses/NEWS.html#t20180414
CVE-2018-10753 (Stack-based buffer overflow in the delayed_output function in music.c ...)
- abcm2ps <unfixed>
- abcm2ps <unfixed> (bug #897966)
NOTE: https://github.com/leesavide/abcm2ps/issues/16
NOTE: https://github.com/leesavide/abcm2ps/commit/fd956e19f88ee32f8ec4aece5901400b06e80bcc
CVE-2018-10752 (The Tagregator plugin 0.6 for WordPress has stored XSS via the title ...)
lib/python/bugs.py
View file @ 26eb84f9
......@@ -299,28 +299,6 @@ class Bug(BugBase):
nts.append(notes[key])
self.notes = nts
class BugExtend(Bug):
def writeDB(self, cursor):
"""Writes the record to an SQLite3 database."""
for (typ, c) in self.comments:
cursor.execute("""INSERT INTO bugs_notes
(bug_name, typ, comment) VALUES (?, ?, ?)""",
(self.name, typ, c))
for n in self.notes:
n.writeDB(cursor, self.name)
import apsw
for x in self.xref:
try:
cursor.execute("""INSERT INTO bugs_xref
(source, target) VALUES (?, ?)""",
(self.name, x))
except apsw.ConstraintError:
raise ValueError, \
"cross reference to %s appears multiple times" % x
class BugFromDB(Bug):
def __init__(self, cursor, name):
assert type(name) in types.StringTypes
......@@ -462,9 +440,6 @@ class FileBase(debian_support.PackageFile):
debian_support.PackageFile.__init__(self, name, fileObj)
self.removed_packages = {}
def isExtend(self, name):
return False
def isUniqueName(self, name):
"""Returns True if the name is a real, unique name."""
return True
......@@ -753,11 +728,7 @@ class FileBase(debian_support.PackageFile):
if first_bug:
break
record_name = temp_bug_name(first_bug, description)
if self.isExtend(record_name):
cls = BugExtend
else:
cls = Bug
yield self.finishBug(cls(self.file.name, first_lineno, date,
yield self.finishBug(Bug(self.file.name, first_lineno, date,
record_name, description,
comments, notes=pkg_notes, xref=xref))
......@@ -802,12 +773,6 @@ class CVEFile(FileBase):
bug.mergeNotes()
return bug
class CVECUSTOMERFile(CVEFile):
re_cve = re.compile(r'^(CVE-\d{4}-(?:\d{4,}|XXXX)|TEMP-\d+-\S+)\s+(.*?)\s*$')
def isExtend(self, name):
return True
class DSAFile(FileBase):
"""A DSA file.
......@@ -849,11 +814,6 @@ class DSAFile(FileBase):
bug.mergeNotes()
return bug
class CUSTOMERFile(DSAFile):
re_dsa = re.compile(r'^\[(\d\d) ([A-Z][a-z][a-z]) (\d{4})\] '
+ r'(CUSTOMER-\d+(?:-\d+)?)\s+'
+ r'(.*?)\s*$')
class DLAFile(FileBase):
"""A DLA file.
......
lib/python/security_db.py
View file @ 26eb84f9
......@@ -914,11 +914,9 @@ class DB:
source_removed_packages = '/packages/removed-packages'
sources = ((bugs.CVEFile, '/CVE/list'),
(bugs.CVECUSTOMERFile, '/CVE-CUSTOMER/list'),
(bugs.DSAFile, '/DSA/list'),
(bugs.DTSAFile, '/DTSA/list'),
(bugs.DLAFile, '/DLA/list'),
(bugs.CUSTOMERFile, '/CUSTOMER/list'),
(None, source_removed_packages))
unchanged = True
......@@ -971,7 +969,7 @@ class DB:
old_source = ''
for source, target in list(cursor.execute(
"""SELECT source, target FROM bugs_xref
WHERE (source LIKE 'DTSA-%' OR source LIKE 'DSA-%' OR source LIKE 'DLA-%' OR source LIKE 'CUSTOMER-%')
WHERE (source LIKE 'DTSA-%' OR source LIKE 'DSA-%' OR source LIKE 'DLA-%')
AND target LIKE 'CVE-%'""")):
if source <> old_source:
source_bug = bugs.BugFromDB(cursor, source)
......@@ -1854,7 +1852,7 @@ class DB:
"""SELECT bugs.name, bugs.description
FROM bugs, package_notes as p
WHERE p.bug_name = bugs.name
AND ( bugs.name LIKE 'DSA-%' OR bugs.name LIKE 'DLA-%' OR bugs.name LIKE 'CUSTOMER-%' )
AND ( bugs.name LIKE 'DSA-%' OR bugs.name LIKE 'DLA-%')
AND p.package = ?
ORDER BY bugs.release_date DESC""", (package,)):
yield DSAsForSourcePackage(*row)
......