Code review comment for ~eslerm/ubuntu-cve-tracker:upstream-cve-references

LGTM except I wonder if the implementation of cve_lib.remote_reference() is a bit too simplistic - could it possibly mess up a CVE description if the reference URL was also found there for some reason? Should it perhaps look for the References: block and then only delete lines that it finds within that block? See the implementation for add_reference() for inspiration.