[Secure-testing-team] "FIXES:" and "FIXED-BY:" directives
Florian Weimer
fw at deneb.enyo.de
Wed Sep 21 19:20:58 UTC 2005
I've added new FIXES: and FIXED-BY: directives to the Python code (but
not to the list files, of course -- this is up to you).

This allows you to write:

    [September 15th, 2005] DTSA-17-1 lm-sensors - insecure temporary file
            FIXES: DSA-814-1
            - lm-sensors 1:2.9.1-6etch1

in DTSA/list, and

    [15 Sep 2005] DSA-814-1 lm-sensors - insecure temporary file
            FIXES: CAN-2005-2672
            [sarge] - lm-sensors 1:2.9.1-1sarge2
            [woody] - lm-sensors not-affected (woody not affected according to DSA)

in DSA/list. CAN/list just contains:

    CAN-2005-2672 (pwmconfig in LM_sensors before 2.9.1 creates temporary files ...)
            - lm-sensors 1:2.9.1-7 (bug #324193; medium)

You can see the result on the web at:

    <http://idssi.enyo.de/tracker/CAN-2005-2672>

(See the "Origin" column in the table at the bottom.)

What do you think? Is this feature useful? It helps to avoid data
duplication.

("FIXED-BY:" is needed because you cannot reference the FAKE-* entries
in the other direction; they haven't got a real name.)

If you fear that this makes the list files less readable, here's an
Emacs macro that opens a browser window for the issue at the cursor
position.

(defvar idssi-url-base "http://idssi.enyo.de/tracker/"
  "Base URL for the IDSSI security tracker.")

(defun fw/open-debian-bug ()
  "Open the tracker page for the CAN/CVE name, package or bug number at point."
  (interactive)
  (save-excursion
    (save-match-data
      ;; Move back to the start of the word under the cursor.
      (while
          (and
           (condition-case ()
               (progn
                 (backward-char)
                 t)
             (error nil))
           (if (looking-at "[a-zA-Z0-9.+-]")
               t
             (forward-char))))
      (cond
       ;; CAN/CVE reference
       ((looking-at
         "\\(CAN\\|CVE\\)-[0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]")
        (browse-url (concat idssi-url-base
                            (buffer-substring (match-beginning 0)
                                              (match-end 0)))))
       ;; package name
       ((looking-at "[a-z][a-z0-9.+-]+")
        (browse-url (concat idssi-url-base
                            (buffer-substring (match-beginning 0)
                                              (match-end 0)))))
       ;; bug number, "_REDIR" means "redirect to Debian BTS if unavailable"
       ((looking-at "[0-9]+")
        (browse-url (concat idssi-url-base
                            (buffer-substring (match-beginning 0)
                                              (match-end 0))
                            "_REDIR")))))))

I'm sure something similar could be created for VIM. 8-)
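
The cross-referencing described in the message, as an added example that is not part of the original post and not the tracker's own Python code: it parses the three quoted entries and follows FIXES:/FIXED-BY: links to build the per-issue rows with their origin. The function names, the line grammar (inferred from the quoted entries only) and the transitive propagation from DTSA through DSA to CAN are assumptions.

```python
import re
from collections import defaultdict

# Constructed input: the three entries quoted in the message, merged into one text.
SAMPLE = """\
[September 15th, 2005] DTSA-17-1 lm-sensors - insecure temporary file
\tFIXES: DSA-814-1
\t- lm-sensors 1:2.9.1-6etch1
[15 Sep 2005] DSA-814-1 lm-sensors - insecure temporary file
\tFIXES: CAN-2005-2672
\t[sarge] - lm-sensors 1:2.9.1-1sarge2
\t[woody] - lm-sensors not-affected (woody not affected according to DSA)
CAN-2005-2672 (pwmconfig in LM_sensors before 2.9.1 creates temporary files ...)
\t- lm-sensors 1:2.9.1-7 (bug #324193; medium)
"""

HEADER = re.compile(r"^(?:\[[^\]]*\]\s+)?((?:DTSA|DSA|CAN|CVE)-[0-9]+-[0-9]+)\b")
XREF = re.compile(r"^\s+(FIXES|FIXED-BY):\s*(\S+)")
PKG = re.compile(r"^\s+(?:\[(\w+)\]\s+)?-\s+(\S+)\s+(\S+)")

def parse(text):
    """Return {name: {"fixes": [...], "fixed_by": [...], "pkgs": [(release, pkg, status)]}}."""
    entries, cur = {}, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            cur = entries.setdefault(m.group(1), {"fixes": [], "fixed_by": [], "pkgs": []})
        elif cur and (m := XREF.match(line)):
            cur["fixes" if m.group(1) == "FIXES" else "fixed_by"].append(m.group(2))
        elif cur and (m := PKG.match(line)):
            cur["pkgs"].append((m.group(1), m.group(2), m.group(3)))
    return entries

def origins(entries, issue):
    """All package notes that apply to `issue`, each tagged with the entry it comes from."""
    # Invert FIXES and merge FIXED-BY so both directions give issue -> fixing entries.
    fixers = defaultdict(set)
    for name, e in entries.items():
        for target in e["fixes"]:
            fixers[target].add(name)
        fixers[name].update(e["fixed_by"])
    rows, seen, todo = [], set(), [issue]
    while todo:  # the seen-set stops a cyclic cross-reference from looping forever
        name = todo.pop()
        if name in seen:
            continue
        seen.add(name)
        rows += [(name, *p) for p in entries.get(name, {}).get("pkgs", [])]
        todo.extend(sorted(fixers[name]))
    return rows
```

Calling `origins(parse(SAMPLE), "CAN-2005-2672")` returns one row per package note, with the first field naming the CAN, DSA or DTSA entry the note was written under.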