Merge ~flor-cabral/ubuntu-cve-tracker:CVE-2021-37146 into ubuntu-cve-tracker:master
Proposed by
Florencia Cabral
| Status: | Superseded |
|---|---|
| Proposed branch: | ~flor-cabral/ubuntu-cve-tracker:CVE-2021-37146 |
| Merge into: | ubuntu-cve-tracker:master |
| Diff against target: |
10 lines (+2/-0) 1 file modified
active/CVE-2021-37146 (+2/-0) |
| Related bugs: |
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Eduardo Barretto | Needs Fixing | ||
|
Review via email:
|
|||
Commit message
Add status for ROS ESM packages
Description of the change
Add statuses for Xenial (ROS Kinetic) and Bionic (ROS Melodic) distros for the ROS ESM supported packages ('ros-kinetic-
To post a comment you must log in.
Unmerged commits
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
There are quite a few things that needs fixing, but to give some more background, our package status line follow the pattern:
<product>
For Ubuntu archive the product is 'ubuntu', and therefore it can be omitted. So
ubuntu/
is the same as
xenial_
For other products that are not ubuntu archive, you will need to specify then.
Therefore:
1. the ros-kinetic line should be like:
ros-
The product is ros-esm and it needs to be specified, otherwise this will be understood as ubuntu product.
You see I've included a reason there, we always try to say why a package is not-affected. It could be because it was fixed in a previous version, then we would say for example:
not-affected (1.2.3-1)
It could be that it is not affected because the vulnerable code does not exist in that package version that we have, then we would have:
not-affected (code not present)
2. The ros-melodic line has not only the same issue as above about the product, but also ros-melodic-
You will need to review and add if missing ros-melodic-
After you have done the above, the line will look like:
ros-
Every released status needs a version number after it, being the version number the version that you fixed the CVE.