lp:~kees/ubuntu-cve-tracker

Author: Kees Cook
Author Date: 2024-02-22 00:43:41 UTC

CVE-2023-40283: Update flaw introduction SHA

The flaw comes from LE reuse, which was introduced in commit 9f0caeb1deaf
("Bluetooth: Add support for reusing the same hci_conn for LE links").

Signed-off-by: Kees Cook <keescook@chromium.org>

Author: Kees Cook
Author Date: 2021-09-14 16:09:17 UTC

Kernel CVEs: fix several "break-fix" entries

Hunt down and correct several kernel CVE flaw introduction commits, as
well as finding some recent fixes that were only listed with "local"
fixes.

Signed-off-by: Kees Cook <kees@ubuntu.com>

Author: Spyros Seimenis
Author Date: 2021-09-13 15:45:29 UTC

USN-5076-1 for git

Author: Eduardo Barretto
Author Date: 2021-05-20 09:32:55 UTC

Add esm-apps/xenial to boilerplates

Author: Eduardo Barretto
Author Date: 2021-04-27 09:22:16 UTC

Only add 'non-ubuntu-software' field with product not Ubuntu

Author: Leonidas S. Barbosa
Author Date: 2021-03-31 18:31:45 UTC

Adding --packages option to CVE OVAL in order to create an OVAL just for a subset of packages

Author: Paulo Flabiano Smorigo
Author Date: 2021-02-10 23:10:15 UTC

scripts/sis-generate-usn: Add PUBLISH flag

Signed-off-by: Paulo Flabiano Smorigo <pfsmorigo@canonical.com>

Author: Mike Salvatore
Author Date: 2020-11-24 11:14:36 UTC

Add descriptions to ESM experimental -> public migration scripts

Author: Avital Ostromich
Author Date: 2020-09-17 13:28:38 UTC

Add check for invalid CVE priorities

Log an error if a CVE priority is invalid (e.g. 'untriaged') and add an
equivalent unit test.
Remove autogenerated .coverage file.

Author: Mike Salvatore
Author Date: 2020-08-26 17:29:02 UTC

Minor refactor and bugfix of code to publish CVEs to new web API

Author: Steve Beattie
Author Date: 2020-08-14 19:25:06 UTC

oval_lib: generate "USN-NNNN-X" as IDs for oval USN reports

Signed-off-by: Steve Beattie <steve.beattie@canonical.com>

Author: Mark Morlino
Author Date: 2020-08-06 16:43:24 UTC

persist macaroon for website api

Author: Steve Beattie
Author Date: 2020-08-01 09:15:44 UTC

generate-oval: fix logic around lines to ignore w/out alpha

The addition of the alpha option broke the logic for lines to
ignore when parsing OVAL output by basically not ignoring lines that
should be ignored when the --alpha option has not been passed on the
command line. Fix this to drop the line if config.alpha is not set or
else use the addition "/esm" logic if config.alpha is set.

But I'm not entirely sure of the alpha logic is supposed to be doing, so
this may be wrong.

Signed-off-by: Steve Beattie <steve.beattie@canonical.com>

Author: Mark Morlino
Author Date: 2020-07-21 21:22:17 UTC

scripts/publish-usn-to-website-api.py improve sorting

Author: Joy Latten
Author Date: 2020-04-08 23:20:15 UTC

The ignored_package_fields and ignored_releases were being ignored.

When running the scripts,
WARNING: Unknown package field "Patches" in Patches_ruby2.1 in "././active/CVE-2019-8324"
WARNING: Unknown package field "upstream" in upstream_ruby2.1 in "././active/CVE-2019-8324"

Author: Joy Latten
Author Date: 2020-03-03 21:03:19 UTC

Add GPLv3 to the generated OVAL.

Author: Alex Murray
Author Date: 2019-09-19 13:07:47 UTC

cve.vim: Make vim cve syntax snap aware

Author: Emilia Torino
Author Date: 2019-08-29 23:29:47 UTC

updating help

Author: Alex Murray
Author Date: 2019-08-27 04:33:54 UTC

html_export.py: Make Notes: contents more readable

We do this by formatting as a table using the now-structured Notes data
from cve_lib.py

Author: Emilia Torino
Author Date: 2019-07-29 19:14:45 UTC

improving output message

Author: Eduardo Barretto
Author Date: 2019-05-17 20:22:28 UTC

Fix component in source_map

Author: Eduardo Barretto
Author Date: 2018-11-09 17:56:19 UTC

Remove kpis from UCT