Code review comment for ~elisehdy/ubuntu-cve-tracker:ruby-saml-update

Emilia Torino (emitorino) wrote :

Thanks Elise for this MP! Have you run make dev_setup? This is part of the UCT setup instructions.

$ make dev_setup

This will install a git pre-commit hook that will run $UCT/scripts/check-syntax on your modified CVE files.

So in this case, if you see the failing build log (below at https://launchpadlibrarian.net/779396038/buildlog_ci_ubuntu-cve-tracker_4fd737ebe7d70abaa2d3bbeeb298dae190681d42_BUILDING.txt.gz), check-cves fails with:

:: /build/lpci/project/active/CVE-2023-22656: 40: package 'onevpl' not in 'plucky'
:: /build/lpci/project/active/CVE-2023-47282: 40: package 'onevpl' not in 'plucky'
:: /build/lpci/project/active/CVE-2023-48727: 28: package 'onevpl' not in 'plucky'

These can be ignored, since they are not related to your change (it's about plucky packages being updated as the release is on devel activities).

:: /build/lpci/project/retired/CVE-2016-5697: 16: CVE is retired, but has Assigned-to set to elisehdy, should be blank
:: /build/lpci/project/retired/CVE-2017-11428: 20: CVE is retired, but has Assigned-to set to elisehdy, should be blank
:: /build/lpci/project/retired/CVE-2024-45409: 22: CVE is retired, but has Assigned-to set to elisehdy, should be blank

But these 3 are: can you please un-assign yourself from the files?

Also, for CVE-2024-45409 and esm-releases, the status is still released. This is because someone running an ESM Ubuntu release is/was affected at some point in time (before this update was produced). Setting it as not-affected might incorrectly assess a system.

review: Needs Fixing
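
The triage described in the comment above, as an added example that is not part of the original review or of UCT's own scripts: it picks the "retired but still assigned" findings for one user out of the check-syntax output and blanks the field in a CVE file. The function names, the sample CVE file text and the assumption that the field sits on a line starting with `Assigned-to:` are illustrative.

```python
import re
from pathlib import Path

# Line shape taken from the build log quoted in the comment:
#   :: <path>: <line>: CVE is retired, but has Assigned-to set to <user>, should be blank
RETIRED_ASSIGNED = re.compile(
    r"^:: (?P<path>\S+): (?P<line>\d+): CVE is retired, "
    r"but has Assigned-to set to (?P<user>\S+), should be blank$"
)

# The six findings quoted in the comment, embedded so the example runs offline.
SAMPLE_LOG = """\
:: /build/lpci/project/active/CVE-2023-22656: 40: package 'onevpl' not in 'plucky'
:: /build/lpci/project/active/CVE-2023-47282: 40: package 'onevpl' not in 'plucky'
:: /build/lpci/project/active/CVE-2023-48727: 28: package 'onevpl' not in 'plucky'
:: /build/lpci/project/retired/CVE-2016-5697: 16: CVE is retired, but has Assigned-to set to elisehdy, should be blank
:: /build/lpci/project/retired/CVE-2017-11428: 20: CVE is retired, but has Assigned-to set to elisehdy, should be blank
:: /build/lpci/project/retired/CVE-2024-45409: 22: CVE is retired, but has Assigned-to set to elisehdy, should be blank
"""

# Constructed CVE file fragment (placeholder id, not a real tracker entry).
SAMPLE_CVE = "Candidate: CVE-0000-0000\nNotes:\nAssigned-to: elisehdy\nDiscovered-by:\n"


def retired_assignments(log_text, user):
    """Return [(cve_id, line_no)] for retired CVEs still assigned to `user`."""
    hits = []
    for raw in log_text.splitlines():
        m = RETIRED_ASSIGNED.match(raw.strip())
        if m and m["user"] == user:
            hits.append((Path(m["path"]).name, int(m["line"])))
    return hits


def clear_assignee(cve_text):
    """Blank the Assigned-to field (assumed layout), leaving other lines untouched."""
    return re.sub(r"(?m)^Assigned-to:.*$", "Assigned-to:", cve_text)


if __name__ == "__main__":
    for cve, line_no in retired_assignments(SAMPLE_LOG, "elisehdy"):
        print(f"retired/{cve}: clear Assigned-to (reported at line {line_no})")
    print(clear_assignee(SAMPLE_CVE), end="")
```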
