lp:~eslerm/ubuntu-cve-tracker

Author: Mark Esler
Author Date: 2024-04-12 23:12:16 UTC

run check-cves --refresh with new upstream CVE source reference

Author: Mark Esler
Author Date: 2024-03-19 20:40:29 UTC

check-cves: extend note in human_process_cve()

Author: Mark Esler
Author Date: 2024-04-03 02:52:33 UTC

cna_info.py: init with all valid CNAs until ~2024-03

Author: Mark Esler
Author Date: 2024-03-15 22:13:56 UTC

check-cves: switch formatting regular strings to f-strings and friends

Author: Mark Esler
Author Date: 2024-02-09 20:41:13 UTC

test_publish-cves-to-website-api: spelling fix

Author: Mark Esler
Author Date: 2024-02-16 00:52:14 UTC

vulnerabiltiy_translate: add NFU CNAs

Author: Mark Esler
Author Date: 2024-01-25 20:35:04 UTC

vulnerability_translate add CVE.ubuntu_metadta

Author: Rodrigo Figueiredo Zaiden
Author Date: 2024-01-25 22:28:11 UTC

kernel CVEs: update release info with USN-6606-1

Signed-off-by: Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com>

Author: Mark Esler
Author Date: 2024-01-10 17:07:37 UTC

cve reference refresh: Debian's security-tracker

Author: Mark Esler
Author Date: 2023-11-27 16:39:03 UTC

process_cves: hardcode NVD 2.0 path on people

Signed-off-by: Mark Esler <mark.esler@canonical.com>

Author: Mark Esler
Author Date: 2023-11-16 16:26:39 UTC

add clarifying comments

Signed-off-by: Mark Esler <mark.esler@canonical.com>

Author: Mark Esler
Author Date: 2023-10-26 22:39:12 UTC

cve-translate: overhaul prep for sharing

Signed-off-by: Mark Esler <mark.esler@canonical.com>

Author: Mark Esler
Author Date: 2023-10-17 21:08:54 UTC

nvd-ap-client: make non-INI compatible and clarify documentation

Signed-off-by: Mark Esler <mark.esler@canonical.com>

Author: Mark Esler
Author Date: 2023-08-22 21:57:18 UTC

grub2-boilerplate: review feedback and section break up

Signed-off-by: Mark Esler <mark.esler@canonical.com>

Author: Nishit Majithia
Author Date: 2023-05-31 16:48:27 UTC

make ubuntu/bionic eol in cve_lib

Signed-off-by: Nishit Majithia <nishit.majithia@canonical.com>

Author: Camila Camargo de Matos
Author Date: 2023-05-11 17:03:40 UTC

Re-retiring CVEs after final fixes

Author: Mark Esler
Author Date: 2022-11-03 13:44:07 UTC

usngrep: add reverse to --usns

Author: Florencia Cabral
Author Date: 2022-10-13 15:26:45 UTC

remove extra space

Author: Florencia Cabral
Author Date: 2022-09-30 16:58:53 UTC

cve file syntax

Author: Florencia Cabral
Author Date: 2022-09-27 16:21:06 UTC

update supported packages for kinetic/melodic ros esm

Author: Leonidas S. Barbosa
Author Date: 2022-06-16 18:39:11 UTC

Adding --nvd priority filter to ubuntu-table and pkg_status scripts

Author: Leonidas S. Barbosa
Author Date: 2022-06-10 22:47:30 UTC

Adding hability to list CVE affected packages by NVD priority

Author: Leonidas S. Barbosa
Author Date: 2022-04-21 02:22:06 UTC

Making this_only_affected opt and fixing minor issues

Author: Leonidas S. Barbosa
Author Date: 2022-04-14 16:18:56 UTC

Replacing cve_lib.subprojects for cve_lib.release_name

Author: Leonidas S. Barbosa
Author Date: 2022-04-04 09:57:04 UTC

Adding special-ppa flag in order to handle ppas that are special for us and we want to adress, like ~canonical-chromium-browser

Author: Alex Burrage
Author Date: 2022-03-23 18:11:42 UTC

Update to guidelines in README regarding 'ignored' status

Author: Paulo Flabiano Smorigo
Author Date: 2021-02-10 23:10:15 UTC

scripts/sis-generate-usn: Add PUBLISH flag

Signed-off-by: Paulo Flabiano Smorigo <pfsmorigo@canonical.com>

Author: Mike Salvatore
Author Date: 2020-11-24 11:14:36 UTC

Add descriptions to ESM experimental -> public migration scripts

Author: Avital Ostromich
Author Date: 2020-09-17 13:28:38 UTC

Add check for invalid CVE priorities

Log an error if a CVE priority is invalid (e.g. 'untriaged') and add an
equivalent unit test.
Remove autogenerated .coverage file.

Author: Mike Salvatore
Author Date: 2020-08-26 17:29:02 UTC

Minor refactor and bugfix of code to publish CVEs to new web API

Author: Steve Beattie
Author Date: 2020-08-14 19:25:06 UTC

oval_lib: generate "USN-NNNN-X" as IDs for oval USN reports

Signed-off-by: Steve Beattie <steve.beattie@canonical.com>

Author: Mark Morlino
Author Date: 2020-08-06 16:43:24 UTC

persist macaroon for website api

Author: Steve Beattie
Author Date: 2020-08-01 09:15:44 UTC

generate-oval: fix logic around lines to ignore w/out alpha

The addition of the alpha option broke the logic for lines to
ignore when parsing OVAL output by basically not ignoring lines that
should be ignored when the --alpha option has not been passed on the
command line. Fix this to drop the line if config.alpha is not set or
else use the addition "/esm" logic if config.alpha is set.

But I'm not entirely sure of the alpha logic is supposed to be doing, so
this may be wrong.

Signed-off-by: Steve Beattie <steve.beattie@canonical.com>

Author: Mark Morlino
Author Date: 2020-07-21 21:22:17 UTC

scripts/publish-usn-to-website-api.py improve sorting

Author: Joy Latten
Author Date: 2020-04-08 23:20:15 UTC

The ignored_package_fields and ignored_releases were being ignored.

When running the scripts,
WARNING: Unknown package field "Patches" in Patches_ruby2.1 in "././active/CVE-2019-8324"
WARNING: Unknown package field "upstream" in upstream_ruby2.1 in "././active/CVE-2019-8324"

Author: Joy Latten
Author Date: 2020-03-03 21:03:19 UTC

Add GPLv3 to the generated OVAL.

Author: Alex Murray
Author Date: 2019-09-19 13:07:47 UTC

cve.vim: Make vim cve syntax snap aware

Author: Emilia Torino
Author Date: 2019-08-29 23:29:47 UTC

updating help

Author: Alex Murray
Author Date: 2019-08-27 04:33:54 UTC

html_export.py: Make Notes: contents more readable

We do this by formatting as a table using the now-structured Notes data
from cve_lib.py

Author: Emilia Torino
Author Date: 2019-07-29 19:14:45 UTC

improving output message