Hi,
I’ve started working on this bug at DebCamp 2025.
Some updates will hopefully come.
Sébastien
On Saturday 30 January 2016 at 11:20, Sébastien Delafond wrote:
I think we'd want to make tracker_server aware of the not-affected
status, but I'll wait for a second opinion...
Cheers,
--Seb
On Saturday 23 January 2016 at 14:11, Guido Günther wrote:
Package: security-tracker
Severity: normal
Hi,
CVE-2015-7496 is currently marked as not-affected in squeeze in data/CVE/list. The returned JSON for squeeze looks like:
    "CVE-2015-7496": {
        "description": "GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.",
        "releases": {
            ...
            "squeeze": {
                "fixed_version": "0",
                "repositories": {
                    "squeeze": "2.30.5-6squeeze5",
                    "squeeze-security": "2.30.5-6squeeze2"
                },
                "status": "resolved",
                "urgency": "unimportant"
            },
            ...
        }
tracker_data.py then interprets this as
    elif data['status'] == 'resolved':
        status = 'resolved'
        reason = 'fixed in {}'.format(
            self.data['releases'][release]['fixed_version'])
instead of the expected not-affected (see attached example).
Since the tracker_server doesn't seem to know about "not-affected" I wonder if this should be fixed in tracker_data or the tracker_service?
Cheers,
-- Guido
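Added example, not part of the original thread and not the security-tracker's own code: a client-side check that separates the two cases the report describes, assuming (as the squeeze entry above suggests) that "status": "resolved" together with "fixed_version": "0" is how the JSON encodes not-affected. The names interpret_release, summarize and NOT_AFFECTED_VERSION, and the "example-release" entry, are hypothetical.

```python
import json

# Constructed sample: the squeeze entry quoted in the report (elided parts
# left out) plus a hypothetical "example-release" entry for contrast.
SAMPLE = json.loads("""
{"CVE-2015-7496": {"releases": {
  "squeeze": {
    "fixed_version": "0",
    "repositories": {"squeeze": "2.30.5-6squeeze5",
                     "squeeze-security": "2.30.5-6squeeze2"},
    "status": "resolved",
    "urgency": "unimportant"
  },
  "example-release": {
    "fixed_version": "1.2.3-1",
    "repositories": {"example-release": "1.2.3-1"},
    "status": "resolved",
    "urgency": "low"
  }
}}}
""")

# Assumption drawn from the report: "0" is a sentinel, not a real version.
NOT_AFFECTED_VERSION = "0"


def interpret_release(entry):
    """Return (status, reason) for one per-release entry of the JSON."""
    status = entry.get("status")
    fixed = entry.get("fixed_version")
    if status == "resolved" and fixed == NOT_AFFECTED_VERSION:
        # Without this branch the entry is reported as "fixed in 0".
        return "not-affected", "release never shipped a vulnerable version"
    if status == "resolved":
        return "resolved", "fixed in {}".format(fixed)
    return status, "no fixed version recorded"


def summarize(data, cve_id):
    """Map each release name to its interpreted (status, reason) pair."""
    return {name: interpret_release(entry)
            for name, entry in data[cve_id]["releases"].items()}


if __name__ == "__main__":
    for release, result in sorted(summarize(SAMPLE, "CVE-2015-7496").items()):
        print(release, *result)
```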