Address the bts already and put the CVEs in the subject.
---
This can be further improved regards temp id handling, providing a
better subject in case of only a single CVE, etc. but already makes like
simpler. O.k. to apply?
bin/report-vuln | 22 +++++++++++++++-------
1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/bin/report-vuln b/bin/report-vuln
index a20f6ae764..09d42fa1e6 100755
--- a/bin/report-vuln
+++ b/bin/report-vuln
@@ -8,14 +8,14 @@
#
# report-vuln(){
# TMPFILE="$HOME/reportbug.tmp"
-# $HOME/debian/svn/secure-testing/bin/report-vuln "$@" > $TMPFILE
-# mutt -i $TMPFILE sub...@bugs.debian.org
+# $HOME/debian/svn/secure-testing/bin/report-vuln -m "$@" > $TMPFILE
+# mutt -H $TMPFILE
# rm $TMPFILE
# }
#
# in bash, this can be simply:
#
-# mutt -i <($HOME/debian/svn/secure-testing/bin/report-vuln)
sub...@bugs.debian.org
+# mutt -H <($HOME/debian/svn/secure-testing/bin/report-vuln -m <pkg> <CVE>)
#
# export http_proxy if you need to use an http proxy to report bugs
@@ -113,11 +113,18 @@ def get_cve(id):
return ret + '\n'
-def gen_text(pkg, cveid, blanks=False, severity=None, affected=None, cc=False,
cclist=None, src=False):
+def gen_text(pkg, cveid, blanks=False, severity=None, affected=None, cc=False,
cclist=None, src=False, mh=False):
vuln_suff = 'y'
cve_suff = ''
time_w = 'was'
temp_id_cnt = 0
+ header = ''
+
+ if mh:
+ header += '''To: sub...@bugs.debian.org
+Subject: %s
+
+''' % ', '.join(cveid)
if len(cveid) > 1:
cve_suff = 's'
@@ -125,9 +132,9 @@ def gen_text(pkg, cveid, blanks=False, severity=None,
affected=None, cc=False, c
time_w = 'were'
if src:
- header = '''Source: %s\n''' % (pkg)
+ header += '''Source: %s\n''' % (pkg)
else:
- header = '''Package: %s\n''' % (pkg)
+ header += '''Package: %s\n''' % (pkg)
if affected is None:
if blanks:
@@ -212,6 +219,7 @@ def main():
parser.add_argument('--cc-list', dest='cclist',
default=['t...@security.debian.org',
'secure-testing-t...@lists.alioth.debian.org'],
help='list of addresses to add in CC (default:
%(default)s)')
parser.add_argument('--src', action="store_true", help='report against
source package')
+ parser.add_argument('-m', '--mail-header', action="store_true",
help='generate a mail header')
parser.add_argument('pkg', help='affected package')
parser.add_argument('cve', nargs='+', help='relevant CVE for this source
package, may be used multiple time if the issue has multiple CVEs')
args = parser.parse_args()
@@ -231,7 +239,7 @@ def main():
if not c.match(arg) and not temp_id.match(arg):
error(arg + ' does not seem to be a valid CVE id')
- gen_text(pkg, cve, affected=args.affected, blanks=args.blanks,
severity=args.severity, cc=args.cc, cclist=args.cclist, src=args.src)
+ gen_text(pkg, cve, affected=args.affected, blanks=args.blanks,
severity=args.severity, cc=args.cc, cclist=args.cclist, src=args.src,
mh=args.mail_header)
if __name__ == '__main__':
main()
--
2.15.0
