~rodrigo-zaiden/ubuntu-cve-tracker:sis_generate_usn_ignore_cves_changelog

Last commit made on 2023-10-25
Get this branch:
git clone -b sis_generate_usn_ignore_cves_changelog https://git.launchpad.net/~rodrigo-zaiden/ubuntu-cve-tracker

Branch information

Name:
sis_generate_usn_ignore_cves_changelog
Repository:
lp:~rodrigo-zaiden/ubuntu-cve-tracker

Recent commits

7609efb... by Rodrigo Figueiredo Zaiden

scripts/sis-generate-usn: check ignored cves from argument when parsing changelog

 when generating USN, we first parse CVEs from changelog before updating
 the CVE set (removing the CVE(s)) with the ignored CVEs from the argument
 '--ignore-cves'. So, if there is a CVE that will fail when parsing the
 changelog, we cannot use the '--ignore-cves' argument because it fails
 before reaching the CVE set update for ignored cves from command.

 verifying if the parsed CVE is listed to be ignored gives us the chance
 to skip that check and won't add the CVE to the USN.

Signed-off-by: Rodrigo Figueiredo Zaiden <email address hidden>

Succeeded
[SUCCEEDED] unit-tests:0 (build)
[SUCCEEDED] check-cves:0 (build)
60643d7... by Rodrigo Figueiredo Zaiden

kernel CVEs: linux-nvidia-6.2: mark pending

 when jammy/linux-nvidia-6.2 was added, the kernel that it was based on
 (jammy/linux-hwe-6.2) had multiple CVEs fixed that were not fixed in
 linux-nvidia-6.2 yet, so they were wrongly marked as 'not-affected'.
 updating those CVEs for the coming version.
 the coming version includes fixes that were fixed in the following
 releases:
    * jammy/linux-hwe-6.2: 6.2.0-33.33~22.04.1
      jammy/linux-hwe-6.2: 6.2.0-34.34~22.04.1
      jammy/linux-hwe-6.2: 6.2.0-35.35~22.04.1
      jammy/linux-hwe-6.2: 6.2.0-36.37~22.04.1

 *: not listed in the changelog, but the CVEs are listed, so when
    updating UCT we should also include the CVEs from this version.

 * command log:
    $ cd $UCT
    $ git grep -l <version>\) | cut -d '/' -f2 | \
    xargs ./scripts/mass-cve-edit -p linux-nvidia-6.2 \
    -r jammy -s pending -v 6.2.0-1011.11

Signed-off-by: Rodrigo Figueiredo Zaiden <email address hidden>

261070b... by Fabian Toepfer

Update vim cves from USN-6452-1

Signed-off-by: Fabian Toepfer <email address hidden>

17486e0... by Marc Deslauriers

updated xorg CVEs with noble version

0ed6b34... by Marc Deslauriers

updated xorg CVEs with USNs

9e2e2c0... by Rodrigo Figueiredo Zaiden

kernel/CVE-2023-5717: add Google kCTF CVE

Signed-off-by: Rodrigo Figueiredo Zaiden <email address hidden>

8eb06d3... by Steve Beattie

kernel/CVE-2023-34324: add xen break-fix commits

Signed-off-by: Steve Beattie <email address hidden>

c1d2878... by Rodrigo Figueiredo Zaiden

merge cve updates from kernel team

Signed-off-by: Rodrigo Figueiredo Zaiden <email address hidden>

1f463ba... by Camila Camargo de Matos

Process cves run: triaged 22 CVEs, 122 Ignored, 32 Packages

Packages with new cves:
  arm-compute-library(1) armnn(1) bibledit(1) bibledit-cloud(1)
  chromium-browser(1) dom4j(1) emscripten(1) firefox(11) goxel(1)
  libjose4j-java(1) libsfml(1) libstb(1) love(1) mame(1) mozjs102(11)
  mozjs38(11) mozjs52(11) mozjs68(11) mozjs78(11) mozjs91(11) python-pip(2)
  rabbitmq-java-client(1) rabbitmq-server(1) requests(1) thunderbird(12)
  timg(1) tiny-dnn(1) traceroute(1) utox(1) visp(1) weborf(1) werkzeug(1)

455bfaf... by Marc Deslauriers

research mysql CVEs