[Secure-testing-team] "FIXES:" and "FIXED-BY:" directives

Florian Weimer fw at deneb.enyo.de
Wed Sep 21 19:20:58 UTC 2005


I've added new FIXES: and FIXED-BY: directives to the Python code (but
not to the list files, of course -- this is up to you).

This allows you to write:

[September 15th, 2005] DTSA-17-1 lm-sensors - insecure temporary file
	FIXES: DSA-814-1
	- lm-sensors 1:2.9.1-6etch1

in DTSA/list, and

[15 Sep 2005] DSA-814-1 lm-sensors - insecure temporary file
	FIXES: CAN-2005-2672
	[sarge] - lm-sensors 1:2.9.1-1sarge2
	[woody] - lm-sensors not-affected (woody not affected according to DSA)

in DSA/list.  CAN/list just contains:

CAN-2005-2672 (pwmconfig in LM_sensors before 2.9.1 creates temporary files ...)
	- lm-sensors 1:2.9.1-7 (bug #324193; medium)

You can see the result on the web at:

  <http://idssi.enyo.de/tracker/CAN-2005-2672>

(See the "Origin" column in the table at the bottom.)

What do you think?  Is this feature useful?  It helps to avoid data
duplication.

("FIXED-BY:" is needed because you cannot reference the FAKE-* entries
in the other direction; they haven't got a real name.)

If you fear that this makes the list files less readable, here's an
Emacs macro that opens a browser window for the issue at the cursor
position.

(defvar idssi-url-base "http://idssi.enyo.de/tracker/"
  "Base URL for the IDSSI security tracker.")

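(defun fw/open-debian-bug ()
  "Open the tracker page for the CAN/CVE name, package or bug number at point."
  (interactive)
  (save-excursion
    (save-match-data
      ;; Move point back to the first character of the token under the cursor.
      (while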
	  (and
	   (condition-case ()
	       (progn
		 (backward-char)
		 t)
	     (error nil))
	   (if (looking-at "[a-zA-Z0-9.+-]")
	       t
	     (forward-char))))
      (cond
       ;; CAN/CVE reference
       ((looking-at 
	 "\\(CAN\\|CVE\\)-[0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]")
	(browse-url (concat idssi-url-base
			    (buffer-substring (match-beginning 0)
					      (match-end 0)))))
       ;; package name
       ((looking-at "[a-z][a-z0-9.+-]+")
	(browse-url (concat idssi-url-base
			    (buffer-substring (match-beginning 0)
					      (match-end 0)))))
       ;; bug number; "_REDIR" means "redirect to Debian BTS if unavailable"
       ((looking-at "[0-9]+")
	(browse-url (concat idssi-url-base
			    (buffer-substring (match-beginning 0)
					      (match-end 0))
			    "_REDIR")))))))

I'm sure something similar could be created for VIM. 8-)
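
Added example, not part of the original message and not the tracker's own Python code: a small parser for the three list snippets quoted above that follows FIXES: and FIXED-BY: references to collect every package note that applies to one issue. It assumes that a reference makes the referring entry's package notes apply to the referenced entry, transitively, that FIXED-BY: is the same link written from the other side, and that several references may be separated by commas or spaces.

```python
import re
from collections import defaultdict

# The three list-file snippets quoted in the message (tabs written as \t).
LISTS = {
    "DTSA/list": "[September 15th, 2005] DTSA-17-1 lm-sensors - insecure temporary file\n"
                 "\tFIXES: DSA-814-1\n\t- lm-sensors 1:2.9.1-6etch1\n",
    "DSA/list": "[15 Sep 2005] DSA-814-1 lm-sensors - insecure temporary file\n"
                "\tFIXES: CAN-2005-2672\n\t[sarge] - lm-sensors 1:2.9.1-1sarge2\n"
                "\t[woody] - lm-sensors not-affected (woody not affected according to DSA)\n",
    "CAN/list": "CAN-2005-2672 (pwmconfig in LM_sensors before 2.9.1 creates temporary files ...)\n"
                "\t- lm-sensors 1:2.9.1-7 (bug #324193; medium)\n",
}
HEADER = re.compile(r"(?:\[[^\]]*\]\s+)?(\S+)")          # optional [date], then the entry name
DIRECTIVE = re.compile(r"(FIXES|FIXED-BY):\s*(.+)")
NOTE = re.compile(r"(?:\[(\w+)\]\s+)?-\s+(\S+)\s+(\S+)")  # optional [release], package, version

def parse(lists):
    """Return (notes, fixes): notes[name] lists (release, package, version);
    fixes[name] is the set of entries that `name` fixes."""
    notes, fixes = defaultdict(list), defaultdict(set)
    for path, text in lists.items():
        current = None
        for line in filter(str.strip, text.splitlines()):
            if not line[0].isspace():            # unindented line starts a new entry
                current = HEADER.match(line).group(1)
            elif current is None:
                raise ValueError(f"{path}: annotation before any entry: {line!r}")
            elif m := DIRECTIVE.match(line.strip()):
                for ref in m.group(2).replace(",", " ").split():
                    if m.group(1) == "FIXES":
                        fixes[current].add(ref)
                    else:                        # FIXED-BY is the same edge, reversed
                        fixes[ref].add(current)
            elif m := NOTE.match(line.strip()):
                notes[current].append(m.groups())
    return notes, fixes

def origins(issue, notes, fixes):
    """Package notes that apply to `issue`, each tagged with the entry it comes from."""
    rows, seen, todo = [], set(), [issue]
    while todo:
        name = todo.pop()
        if name in seen:                         # tolerate reference cycles
            continue
        seen.add(name)
        rows += [(name, *note) for note in notes.get(name, [])]
        todo += [src for src, targets in fixes.items() if name in targets]
    return sorted(rows, key=lambda r: (r[0], r[1] or "", r[2]))
```

Calling `origins("CAN-2005-2672", *parse(LISTS))` returns one row per package note, with the first element naming the entry (CAN, DSA or DTSA) the note was written under.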



