Bug#761859: security-tracker json deployed

2015-04-21 Thread Holger Levsen
Hi Raphael, On Monday, 20 April 2015, Raphael Hertzog wrote: > I just noticed that DLA/DSA end up referenced as security issues. See > for example DLA-204-1 and DLA-27-1 assigned to "file". That's a bug, thanks for notifying. I will fix it soon, latest on Saturday when I'll add oldoldstable sup

Bug#761859: security-tracker json deployed

2015-04-20 Thread Raphael Hertzog
Hi, On Tue, 14 Apr 2015, Holger Levsen wrote: > On Tuesday, 14 April 2015, Raphael Hertzog wrote: > > Can you quickly export the "undetermined" status in the JSON so that I can > > filter them out? > > ok, done. > > state will now be one of "resolved", "undetermined" and "open". I just notice

Bug#761859: security-tracker json deployed

2015-04-14 Thread Holger Levsen
Hi Raphael, On Tuesday, 14 April 2015, Raphael Hertzog wrote: > Can you quickly export the "undetermined" status in the JSON so that I can > filter them out? ok, done. state will now be one of "resolved", "undetermined" and "open". cheers, Holger

Bug#761859: security-tracker json deployed

2015-04-14 Thread Raphael Hertzog
Hi, On Mon, 23 Mar 2015, Raphael Hertzog wrote: > On Mon, 23 Mar 2015, Holger Levsen wrote: > > > I also noticed that we have nowhere data that says that an > > > issue is ... maybe those issues should be entirely dropped? > > > > I agree that those issues should not be displayed in the tracker,

Bug#761859: security-tracker json deployed

2015-03-23 Thread Raphael Hertzog
On Mon, 23 Mar 2015, Holger Levsen wrote: > > I also noticed that we have nowhere data that says that an > > issue is ... maybe those issues should be entirely dropped? > > I agree that those issues should not be displayed in the tracker, but I'm not > entirely convinced they should be dropped fr

Bug#761859: security-tracker json deployed

2015-03-23 Thread Holger Levsen
Hi, On Tuesday, 17 March 2015, Raphael Hertzog wrote: > > The repository dictionary has what you are looking for. The releases > > dictionary indeed lists all versions in all existing releases. > The repository dictionary doesn't have the data that I'm interested in. ack > > Maybe you would pr

Bug#761859: security-tracker json deployed

2015-03-17 Thread Moritz Mühlenhoff
On Tue, Mar 17, 2015 at 01:09:44PM +0100, Moritz Mühlenhoff wrote: > On Tue, Mar 17, 2015 at 08:17:03AM +0800, Paul Wise wrote: > > On Tue, 2015-03-17 at 00:03 +0100, Raphael Hertzog wrote: > > > > > I also noticed that we have nowhere data that says that an > > > issue is ... maybe those issues s

Bug#761859: security-tracker json deployed

2015-03-17 Thread Moritz Mühlenhoff
On Tue, Mar 17, 2015 at 08:17:03AM +0800, Paul Wise wrote: > On Tue, 2015-03-17 at 00:03 +0100, Raphael Hertzog wrote: > > > I also noticed that we have nowhere data that says that an > > issue is ... maybe those issues should be entirely dropped? > > > > I don't understand why we have that statu

Bug#761859: security-tracker json deployed

2015-03-16 Thread Paul Wise
On Tue, 2015-03-17 at 00:03 +0100, Raphael Hertzog wrote: > I also noticed that we have nowhere data that says that an > issue is ... maybe those issues should be entirely dropped? > > I don't understand why we have that status in the first place. > > But my first try at identifying issues open

Bug#761859: security-tracker json deployed

2015-03-16 Thread Raphael Hertzog
Hi, On Mon, 16 Mar 2015, Holger Levsen wrote: > Hi Raphael, > > On Monday, 16 March 2015, Raphael Hertzog wrote: > > I'm currently trying to use the generated json but the data below the > > releases field doesn't correspond to what we discussed. It contains > > entries like wheezy-security or sq

Bug#761859: security-tracker json deployed

2015-03-16 Thread Holger Levsen
Hi Raphael, On Monday, 16 March 2015, Raphael Hertzog wrote: > I'm currently trying to use the generated json but the data below the > releases field doesn't correspond to what we discussed. It contains > entries like wheezy-security or squeeze-security when it was supposed > to have only the unde

Bug#761859: security-tracker json deployed

2015-03-16 Thread Raphael Hertzog
On Mon, 16 Mar 2015, Raphael Hertzog wrote: > On Mon, 09 Mar 2015, Holger Levsen wrote: > > I have deployed this now. It might be that fixed_version=0 means "not > > affected" but I'm not sure yet and my mind wants a break (for a moment)... > > Another nice thing to add in the generated file is w

Bug#761859: security-tracker json deployed

2015-03-16 Thread Raphael Hertzog
Hi, On Mon, 09 Mar 2015, Holger Levsen wrote: > I have deployed this now. It might be that fixed_version=0 means "not > affected" but I'm not sure yet and my mind wants a break (for a moment)... Another nice thing to add in the generated file is whether the package is listed in dsa-needed.txt an

Bug#761859: security-tracker json deployed

2015-03-09 Thread Holger Levsen
Hi, I have deployed this now. It might be that fixed_version=0 means "not affected" but I'm not sure yet and my mind wants a break (for a moment)... cheers, Holger

Bug#761859: security-tracker json deployed

2015-03-09 Thread Holger Levsen
Hi, On Monday, 9 March 2015, Raphael Hertzog wrote: > I don't understand. IIRC we said the content of "repositories" and > "releases" was supposed to have the same structure. The only difference > was that it applied to different versions of packages. I think the confusion might be because you st

Bug#761859: security-tracker json deployed

2015-03-09 Thread Raphael Hertzog
On Mon, 09 Mar 2015, Holger Levsen wrote: > I don't, as I've converted the previous yaml output to json, because I liked > the human readability of the result... Even for the YAML output I would have used a YAML library, so it doesn't make more sense for me :-) > > That said your "repositories"

Bug#761859: security-tracker json deployed

2015-03-09 Thread Holger Levsen
Hi, On Monday, 9 March 2015, Raphael Hertzog wrote: > But I wonder why you have such problems? Aren't you storing the result > in memory and then letting a json lib output the data? I don't, as I've converted the previous yaml output to json, because I liked the human readability of the result..

Bug#761859: security-tracker json deployed

2015-03-09 Thread Holger Levsen
Hi, On Friday, 27 February 2015, Paul Wise wrote: > To clarify, I was suggesting keep the version numbers in the > "repositories" section but only keep fixed version numbers in the > "releases" section. Also, the fixed version numbers appear to be > incorrect, for example the website says CVE-201

Bug#761859: security-tracker json deployed

2015-03-09 Thread Richard Hartmann
On Thu, Feb 26, 2015 at 5:08 PM, Holger Levsen wrote: > I haven't tested the output against a json validator yet... so feedback > welcome and I do expect some more work to do... I am seeing the same issues as Raphael. A poor man's checker if you are parseable in theory would be: wget https://se

Bug#761859: security-tracker json deployed

2015-03-09 Thread Raphael Hertzog
Hi, On Thu, 26 Feb 2015, Holger Levsen wrote: > so I've deployed my patches now and you can get json at > https://security-tracker.debian.org/tracker/data/json now. > > I haven't tested the output against a json validator yet... so feedback > welcome and I do expect some more work to do... Yea

Bug#761859: security-tracker json deployed

2015-03-09 Thread Holger Levsen
Hi Florian, On Thursday, 26 February 2015, Florian Weimer wrote: > There used to be a job that downloaded the full description from the > NVD web service and put it into the nvd_data table (update-nvd and > DB.updateNVD()). The web service looks at this table and prefers the > descriptions foun

Bug#761859: security-tracker json deployed

2015-02-27 Thread Salvatore Bonaccorso
Hi Paul, On Fri, Feb 27, 2015 at 07:31:10AM +0800, Paul Wise wrote: > On Thu, 2015-02-26 at 17:41 +0100, Holger Levsen wrote: > > On Thursday, 26 February 2015, Paul Wise wrote: > > > I noticed the description fields are truncated, is that intentional? > > > > that's all that is stored in the d

Bug#761859: security-tracker json deployed

2015-02-26 Thread Paul Wise
On Thu, 2015-02-26 at 17:41 +0100, Holger Levsen wrote: > On Thursday, 26 February 2015, Paul Wise wrote: > > I noticed the description fields are truncated, is that intentional? > > that's all that is stored in the db... Are you sure? By way of example, take a look at CVE-2012-0833, the descri

Bug#761859: security-tracker json deployed

2015-02-26 Thread Florian Weimer
* Holger Levsen: > On Thursday, 26 February 2015, Paul Wise wrote: >> I noticed the description fields are truncated, is that intentional? > > that's all that is stored in the db... There used to be a job that downloaded the full description from the NVD web service and put it into the nvd_data

Bug#761859: security-tracker json deployed

2015-02-26 Thread Holger Levsen
Hi Paul, On Thursday, 26 February 2015, Paul Wise wrote: > I noticed the description fields are truncated, is that intentional? that's all that is stored in the db... > What about making the structure like this? why? :) > I'm guessing the code only > produces one instance of each package. y

Bug#761859: security-tracker json deployed

2015-02-26 Thread Paul Wise
On Thu, 26 Feb 2015 17:08:57 +0100 Holger Levsen wrote: > so I've deployed my patches now and you can get json at > https://security-tracker.debian.org/tracker/data/json now. Cool! I noticed the description fields are truncated, is that intentional? Personally I would suggest to keep those at f

Bug#761859: security-tracker json deployed

2015-02-26 Thread Holger Levsen
control: tags -1 + pending Hi, so I've deployed my patches now and you can get json at https://security-tracker.debian.org/tracker/data/json now. I haven't tested the output against a json validator yet... so feedback welcome and I do expect some more work to do... Important change: - CVEs ar