ubuntu-security-tools

Merge ubuntu-security-tools:umt-upload-cve-detection into ubuntu-security-tools:master

  1. Git
  2. lp:ubuntu-security-tools
  3. umt-upload-cve-detection
  4. Merge into master
Proposed by Mike Salvatore
Status: Merged
Merged at revision: e5a48ab99bfed924cd31928122c4e6204b90abfa
Proposed branch: ubuntu-security-tools:umt-upload-cve-detection
Merge into: ubuntu-security-tools:master
Diff against target: 18 lines (+3/-4)
1 file modified
build-tools/umt (+3/-4)
Reviewer Review Type Date Requested Status
Alex Murray Pending
Marc Deslauriers Pending
Review via email: mp+391517@code.launchpad.net

Description of the change

When performing a fakesync of netqmail, the changelog entry from debian looked like:

  * Address CVE-2005-1513, CVE-2005-1514, CVE-2005-1515, CVE-2020-3811 and
    CVE-2020-3812 (Closes: #961060)

The current code only finds CVE-2005-1513 and CVE-2020-3812. The other 3 CVEs are not detected. This change enables umt to detect CVEs in changelogs like the above.

To post a comment you must log in.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/build-tools/umt b/build-tools/umt
2index fc1382d..653d709 100755
3--- a/build-tools/umt
4+++ b/build-tools/umt
5@@ -2930,10 +2930,9 @@ def parse_changes_file(changes_file):
6 details['distribution'] = line.strip().split()[1]
7 details['pocket'] = 'release'
8 else:
9- match = re.search(r'\bCVE-[0-9]{4}-[0-9]+\b', line)
10- if match is not None:
11- cve = match.group(0)
12- details['cves'].add(cve)
13+ cves = re.findall(r'\bCVE-[0-9]{4}-[0-9]+\b', line)
14+ if cves:
15+ details['cves'].update(set(cves))
16
17 # Handle epoch
18 if ':' in details['version']:

Subscribers

People subscribed via source and target branches