Ubuntu CVE Tracker

Merge ~litios/ubuntu-cve-tracker:sync-usns-esm into ubuntu-cve-tracker:master

Proposed by David Fernandez Gonzalez on 2023-04-12

Status:	Merged
Merged at revision:	5048522b86411d5b592464cc257fe6f0d0ce66c5
Proposed branch:	~litios/ubuntu-cve-tracker:sync-usns-esm
Merge into:	ubuntu-cve-tracker:master
Diff against target:	44 lines (+17/-2) 1 file modified scripts/sync-from-usns.py (+17/-2)
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Eduardo Barretto		2023-04-12	Approve on 2023-04-21
Review via email: mp+440853@code.launchpad.net

Description of the change

When syncing from a USN, if an update was done for a regular release, we should update the ESM status accordingly, as ESM won't be affected anymore.

Testing: https://pastebin.canonical.com/p/tmFCjMGfBD/

Revision history for this message

Eduardo Barretto (ebarretto) wrote on 2023-04-21:

LGTM, thanks!

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Aravind

David Fernandez Gonzalez

Philip Roche

Robert C Jennings

Simon Quigley

Steve Beattie

Ubuntu Security Team

 diff --git a/scripts/sync-from-usns.py b/scripts/sync-from-usns.py
 index eae30da..ee138b5 100755
 --- a/scripts/sync-from-usns.py
 +++ b/scripts/sync-from-usns.py
@@ -123,7 +123,7 @@ def extract_cve_descriptions(usn, usnnum):
      return descriptions
--
++srcmap = {}
  for usn in usnlist:
      ubuntu_descriptions = dict()
      if args.debug:
@@ -239,7 +239,8 @@ for usn in usnlist:
                          if cve_lib.is_active_release(rel):
                              cve_rel = cve_lib.get_esm_name(rel, 'universe')
                          else:
--                            srcmap = load(releases=[rel], skip_eol_releases=False)
++                            if not rel in srcmap:
++                                srcmap[rel] = load(releases=[rel], skip_eol_releases=False)[rel]
                              if cve_lib.is_universe(srcmap, src, rel, None):
                                  cve_rel = cve_lib.get_esm_name(rel, 'universe')
                              else:
@@ -309,6 +310,20 @@ for usn in usnlist:
                              version = usn_ver
                          if args.update:
                              cve_lib.update_state(filename, src, cve_rel, 'released', version)
++
++                            if esm_version_match:
++                                continue
++
++                            if not cve_rel in srcmap:
++                                srcmap[cve_rel] = load(releases=[cve_rel], skip_eol_releases=False)[cve_rel]
++
++                            esm_rel = cve_lib.get_esm_name(cve_rel, 'universe' if cve_lib.is_universe(srcmap, src, cve_rel, None) else 'main')
++                            if esm_rel and esm_rel in cves[cve]['pkgs'][src]:
++                                status_esm = cves[cve]['pkgs'][src][esm_rel][0]
++                                if status_esm != 'released' and status_esm != 'not-affected' and status_esm != 'ignored':
++                                    print("USN-%s fixed %s in %s %s%s/%s (was %s)" % (usn, cve, src, version, detail, esm_rel, status_esm), file=sys.stderr)
++                                    cve_lib.update_state(filename, src, esm_rel, 'not-affected', version)
++
                              if args.git_stage:
                                  cve_lib.git_add(filename)
                      elif args.debug:

Ubuntu CVE Tracker

Merge ~litios/ubuntu-cve-tracker:sync-usns-esm into ubuntu-cve-tracker:master

Commit message

Description of the change

Preview Diff

Subscribers