~sbeattie/ubuntu-cve-tracker/+git/ubuntu-cve-tracker:check-cves_ignore_cache

Branch merges

Propose for merging

Merged into ubuntu-cve-tracker:master at revision fbb11d1762fcbfd1d2114b2d745736d7108eb165

Alex Murray: Approve on 2022-05-18

Seth Arnold: Approve on 2022-05-17

Diff: 106 lines (+46/-7)

2 files modified

scripts/check-cves (+9/-7)
scripts/check_cves/ignored_cache.py (+37/-0)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

cea1697... by Steve Beattie on 2022-05-17

check-cves: add a cache of 5 last ignored reasons

Often times when performing triage I bounce between CVEs of a few
different products from the same vendor that end up being ignored. It's
useful to have roughly a cache of five or so entries, plus the debian
reason if available plus the heuristic guess.

Implement a small cache of previously used reasons for ignoring a cve.
It keeps the ordering the same as before, with the cache entries added
last, orted in most recently used order.

Using this results in things looking like:

   Debian CVE Tracker: NOT-FOR-US: Node sds

  A]dd (or R]epeat), I]gnore forever, S]kip for now, or Q]uit? [ignore]
  Reason to be ignored?
     a) Node sds
     b) sds from
     c) BlogEngine.NET
     d) InHand Networks InRouter302
     e) OpenClinica
     f) Intel(R) NUCs
     g) Check Point Enterprise Endpoint

Signed-off-by: Steve Beattie <email address hidden>
TODO: unit tests. Sorry.

	unit-tests:0 (build)
	check-cves:0 (build)

1 → 2 of 2 results

First • Previous • Next • Last

aa22836... by Steve Beattie on 2023-04-07

CVE-2022-46871: add linusrsctp and related references

Thanks to Alexandre Pétillon for providing us with this information.

Signed-off-by: Steve Beattie <email address hidden>

29bc4a8... by Steve Beattie on 2023-04-07

Refresh CVEs (no new CVSS scores)

Signed-off-by: Steve Beattie <email address hidden>

5ab23d3... by Rodrigo Figueiredo Zaiden on 2023-04-07

merge cve updates from kernel team

Signed-off-by: Rodrigo Figueiredo Zaiden <email address hidden>

798f72d... by Thadeu Lima de Souza Cascardo on 2023-04-07

kernel/CVE-2023-0386: add break commit

We have allowed unprivileged mounts of overlayfs with our own fixes in the
past. We also need to look into other mitigations for those kernels.

Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>

841ceea... by Thadeu Lima de Souza Cascardo on 2023-04-07

kernel/CVE-2023-0386: prioritize as high

Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>

836cb80... by Ian Constantin on 2023-04-07

Updating jammy status to needed

74161b6... by Ian Constantin on 2023-04-07

Updated release statuses and added patch

ab8deb5... by Thadeu Lima de Souza Cascardo on 2023-04-07

kernel/CVE-2022-0168: autotriage

Signed-off-by: Thadeu Lima de Souza Cascardo <email address hidden>

a74349d... by Steve Beattie on 2023-04-07

Process cves run: triaged 7 CVEs, 90 Ignored, 1 Packages

Packages with new cves:
  bzip3(7)

Signed-off-by: Steve Beattie <email address hidden>