~alexmurray/ubuntu-cve-tracker:try-lookup-kernel-cves-from-local-repo

Branch merges

Propose for merging

Merged into ubuntu-cve-tracker:master at revision f0b7992bb2fa2e85c53ca3f374f0258c5345e9b8

Rodrigo Figueiredo Zaiden: Approve on 2024-05-20

Ubuntu Security Team: Pending requested 2024-05-20

Diff: 80 lines (+41/-6)

1 file modified

scripts/cve_lib.py (+41/-6)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

7b9d112... by Alex Murray on 2024-05-20

scripts/cve_lib.py: try looking up kernel commits from local git clone

First try and look up kernel git commit details from the locally configured
linux_kernel_path (this is already used in the kernel CVE triage scripts) and
then fallback to pulling down the individual commit via the network if that
fails.

This should speed up these operations when a local git repo exists is configured
AND has the relevant commits.

Signed-off-by: Alex Murray <email address hidden>

	unit-tests:0 (build)
	check-cves:0 (build)
	check-cve-website-state:0 (build)

1 → 3 of 3 results

First • Previous • Next • Last

2f62737... by Alex Murray on 2024-05-20

process_cves Mon

Signed-off-by: Alex Murray <email address hidden>

d758ef8... by Alex Murray on 2024-04-12

scripts/check-cves: try match CVE references against package homepages

Parse and store the Homepage field in source_map and then try and match these
URLs against any we see in the references for a CVE to hint that the package is
likely affected.

Signed-off-by: Alex Murray <email address hidden>

	unit-tests:0 (build)
	check-cves:0 (build)
	check-cve-website-state:0 (build)

1 → 3 of 3 results

First • Previous • Next • Last

a9986d2... by Alex Murray on 2024-05-19

Enable CHECK_CVES_BREAKFIX by default

This is stable and should be used by everyone doing CVE triage.

Signed-off-by: Alex Murray <email address hidden>

0a97918... by Mark Esler on 2024-05-19

strongswan: add upstream advisory

6c863b7... by Rodrigo Figueiredo Zaiden on 2024-05-17

kernel: fips/focal: update already released CVEs

 update status for fips/focal kernels:
 linux-aws-fips, linux-azure-fips and linux-gcp-fips

 updated based on linux-aws released versions

Signed-off-by: Rodrigo Figueiredo Zaiden <email address hidden>

f3cb455... by Eduardo Barretto on 2024-05-17

Fix check-syntax warnings on missing fips/focal kernels

Similar to commit c5bf98b0f3, still unsure why during triage it is
not adding those kernels and also why check-syntax -a fix it incorrectly
and we have to manually fix it

788b39d... by Rodrigo Figueiredo Zaiden on 2024-05-17

kernel/CVE-2024-21823: add notes and commits

Signed-off-by: Rodrigo Figueiredo Zaiden <email address hidden>

e8a915b... by Marc Deslauriers on 2024-05-17

process_cves run

0b0f31b... by Marc Deslauriers on 2024-05-17

added openssl CVE