Hi, I’ve started working on this bug at DebCamp 2025. Some updates will hopefully come.
Sébastien

On Saturday 30 January 2016 at 11:20, Sébastien Delafond wrote:
> I think we'd want to make tracker_server aware of the not-affected
> status, but I'll wait for a second opinion...
>
> Cheers,
>
> --Seb

On Saturday 23 January 2016 at 14:11, Guido Günther wrote:
> Package: security-tracker
> Severity: normal
>
> Hi,
> CVE-2015-7496 is currently marked as not-affected in squeeze in
> data/CVE/list. The returned JSON for squeeze looks like:
>
>     "CVE-2015-7496": {
>         "description": "GNOME Display Manager (gdm) before 3.18.2 allows physically
>         proximate attackers to bypass the lock screen by holding the Escape key.",
>         "releases": {
>             ...
>             "squeeze": {
>                 "fixed_version": "0",
>                 "repositories": {
>                     "squeeze": "2.30.5-6squeeze5",
>                     "squeeze-security": "2.30.5-6squeeze2"
>                 },
>                 "status": "resolved",
>                 "urgency": "unimportant"
>             },
>             ...
>         }
>
> tracker_data.py then interprets this as
>
>     elif data['status'] == 'resolved':
>         status = 'resolved'
>         reason = 'fixed in {}'.format(
>             self.data['releases'][release]['fixed_version'])
>
> instead of the expected not-affected (see attached example). Since the
> tracker_server doesn't seem to know about "not-affected" I wonder if
> this should be fixed in tracker_data or the tracker_service?
>
> Cheers,
>  -- Guido
>
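An added example, not part of the thread and not the security-tracker's own code: one way a consumer of the JSON could tell the two cases apart, assuming that `"fixed_version": "0"` together with `"status": "resolved"` is how a not-affected entry is encoded, as in the squeeze entry quoted above. `release_status`, `summarize` and the two `example-*` entries are hypothetical.

```python
# Added example: classify one per-release entry of the tracker JSON.
# Assumption: "fixed_version": "0" with status "resolved" encodes not-affected.
NOT_AFFECTED_VERSION = "0"

# Constructed sample: "squeeze" copies the entry quoted in the report;
# "example-fixed" and "example-open" are made-up entries for contrast.
SAMPLE = {
    "CVE-2015-7496": {
        "releases": {
            "squeeze": {
                "fixed_version": "0",
                "repositories": {
                    "squeeze": "2.30.5-6squeeze5",
                    "squeeze-security": "2.30.5-6squeeze2",
                },
                "status": "resolved",
                "urgency": "unimportant",
            },
            "example-fixed": {"fixed_version": "1.2-3", "status": "resolved"},
            "example-open": {"status": "open"},
        }
    }
}


def release_status(entry):
    """Return (status, reason) for one release entry (hypothetical helper)."""
    status = entry.get("status", "unknown")
    fixed = entry.get("fixed_version")
    if status != "resolved":
        return status, "no fix recorded"
    if fixed == NOT_AFFECTED_VERSION:
        # Check the marker before formatting, or it reads as "fixed in 0".
        return "not-affected", "fixed_version is the not-affected marker"
    if fixed is None:
        return "resolved", "no fixed version given"
    return "resolved", "fixed in {}".format(fixed)


def summarize(data, cve):
    """Map each release of one CVE to its (status, reason) pair."""
    releases = data[cve].get("releases", {})
    return {name: release_status(e) for name, e in releases.items()}


if __name__ == "__main__":
    for name, result in summarize(SAMPLE, "CVE-2015-7496").items():
        print(name, *result)
```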