Author: fw
Date: 2005-12-22 10:19:06 +0000 (Thu, 22 Dec 2005)
New Revision: 3122
Modified:
lib/python/security_db.py
Log:
lib/python/security_db.py (DB.calculateDebsecan):
Check that a fixed package is actually available in sid, and do not
trust the list files.
Modified: lib/python/security_db.py
==================================================================---
lib/python/security_db.py 2005-12-22 09:21:30 UTC (rev 3121)
+++ lib/python/security_db.py 2005-12-22 10:19:06 UTC (rev 3122)
@@ -1251,6 +1251,8 @@
c.execute("""INSERT OR REPLACE INTO vulnlist
SELECT bug_name, package, id FROM package_notes
WHERE release = ?""", (release,))
+ else:
+ release = ''sid''
c.execute("""DELETE FROM vulnlist WHERE name LIKE
''FAKE-0000000-%''""")
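Review bot: The added `else: release = 'sid'` rebinds the function's own `release` value, so from this point on a call without a release can no longer be told apart from an explicit request for sid. The second hunk drops one `if release:` test, presumably for that reason, but the lines between the hunks are not visible here, so any remaining truthiness test on `release` in calculateDebsecan should be checked. A comment on the branch would record the intent, for example `# No release given: generic data, fix availability is judged against sid.` The `if` this `else` pairs with starts outside the hunk, and the page has lost its indentation, so the pairing is inferred.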
@@ -1286,38 +1288,34 @@
# release.
fix_available = '' ''
- if release:
- fix_available = '' ''
- if kind == ''source'':
- fix_available_sql = """SELECT st.vulnerable
- FROM source_packages AS p, source_package_status AS st
- WHERE p.name = ?
- AND p.release = ?
- AND p.subrelease IN ('''',
''security'')
- AND st.bug_name = ?
- AND st.package = p.rowid
- ORDER BY p.version COLLATE version
DESC"""
- elif kind == ''binary'':
- fix_available_sql = """SELECT st.vulnerable
- FROM binary_packages AS p, binary_package_status AS st
- WHERE p.name = ?
- AND p.release = ?
- AND p.subrelease IN ('''',
''security'')
- AND st.bug_name = ?
- AND st.package = p.rowid
- ORDER BY p.version COLLATE version
DESC"""
- else:
- fix_available_sql = ''''
+ if kind == ''source'':
+ fix_available_sql = """SELECT st.vulnerable
+ FROM source_packages AS p, source_package_status AS st
+ WHERE p.name = ?
+ AND p.release = ?
+ AND p.subrelease IN ('''',
''security'')
+ AND st.bug_name = ?
+ AND st.package = p.rowid
+ ORDER BY p.version COLLATE version DESC"""
+ elif kind == ''binary'':
+ fix_available_sql = """SELECT st.vulnerable
+ FROM binary_packages AS p, binary_package_status AS st
+ WHERE p.name = ?
+ AND p.release = ?
+ AND p.subrelease IN ('''',
''security'')
+ AND st.bug_name = ?
+ AND st.package = p.rowid
+ ORDER BY p.version COLLATE version DESC"""
+ else:
+ fix_available_sql = ''''
- if fix_available_sql:
- for (v,) in c.execute(fix_available_sql,
- (package, release, name)):
- assert v is not None
- if not v:
- fix_available = ''F''
- break
- elif fixed_version <> '''':
- fix_available = ''F''
+ if fix_available_sql:
+ for (v,) in c.execute(fix_available_sql,
+ (package, release, name)):
+ assert v is not None
+ if not v:
+ fix_available = ''F''
+ break
if kind == ''source'':
kind = ''S''
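Review bot: The `assert v is not None` carried into the new loop is the only guard against a NULL `vulnerable` value, and assertions are stripped when Python runs with `-O`. A NULL would then satisfy `if not v:` and set `fix_available = 'F'`, so the generated debsecan data would report a fix that the database never confirmed. An explicit check survives optimisation, for example `if v is None: raise ValueError("no status for %s (%s)" % (package, name))`. Separately, the loop stops at the first non-vulnerable row whatever its position, so `ORDER BY p.version COLLATE version DESC` does not change the outcome; either drop it or add a comment if the ordering is meant to matter. The two SQL strings differ only in their table names and could share one template, and the enclosing function starts and ends outside the hunk.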
@@ -1340,8 +1338,6 @@
package, fixed_version, description))
result =
base64.encodestring(zlib.compress(''''.join(result), 9))
- if not release:
- release = ''sid''
c.execute(
"INSERT OR REPLACE INTO debsecan_data (name, data) VALUES (?,
?)",
(''release/'' + release, result))