- Adding support for non-CVE commits which only showed "$sha doesn't resolve to CVE".
> ./scripts/cve_tools/check-branch-status SLE15-SP6 72cf9e94f32fc18096be3
Before:
72cf9e94f32fc18096be3 doesn't resolve to CVE
After:
72cf9e94f32fc18096be3 no_cve CVSS_unknown unapplied fix_missing sha_blacklisted breaker_backported
- Adding blacklist info in output when commit does not have a CVE reference in blacklist entry.
> ./scripts/cve_tools/check-branch-status SLE12-SP5 6173a77b7e9d3e202bdb9897b23f2a8afe7bf286
Before:
6173a77b7e9d3e202bdb9897b23f2a8afe7bf286 CVE-2023-53116 5.5 unapplied fix_missing breaker_in_base
After:
6173a77b7e9d3e202bdb9897b23f2a8afe7bf286 CVE-2023-53116 5.5 unapplied fix_missing sha_blacklisted breaker_in_base
- Always provide blacklisting info, even for low or no CVSS. This is needed when the sha isn't CVE-referenced. It also should help when cross-referencing public proof of exploitation when a CVSS is undervalued. However, I did not find any case of this since very few CVEs are blacklisted in LTSS branches; in the only instance where this could happen, the CVEs did not have a fixes tag, so blacklist info was actually still shown.