January 2008 - security-commits - Fedora Mailing-Lists

fedora-security/tools/lib/Libexig Bodhi.pm, 1.1.2.1, 1.1.2.2

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3052/lib/Libexig Modified Files: Tag: lkundrak-tools-ng Bodhi.pm Log Message: getting number of updates per package should no longer be needed with current bodhi version, 0 seems to work well Index: Bodhi.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Attic/Bodhi.pm,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- Bodhi.pm 6 Jan 2008 03:31:53 -0000 1.1.2.1 +++ Bodhi.pm 10 Jan 2008 14:56:12 -0000 1.1.2.2 @@ -79,15 +79,9 @@ my @retval; - # Get number of updates - - # XXX escape - my $json = `wget --post-data 'package=$pkg&tg_paginate_limit=1' -qO - 'https://admin.fedoraproject.org/updates/list?tg_format=json'`; - my $obj = jsonToObj ($json); - - # Get updates themselves - - $json = `wget --post-data 'package=$pkg&tg_paginate_limit=$obj->{num_items}' -qO - 'https://admin.fedoraproject.org/updates/list?tg_format=json'`; + # Get updates + $json = `wget --post-data 'package=$pkg&tg_paginate_limit=0' -qO - \\ + 'https://admin.fedoraproject.org/updates/list?tg_format=json'`; $obj = jsonToObj ($json); foreach my $update (@{$obj->{'updates'}}) {

16 years, 5 months

1
0
0 / 0

fedora-security/tools/lib/Libexig CVE.pm, 1.1.2.1, 1.1.2.2

by fedora-security-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2894/lib/Libexig Modified Files: Tag: lkundrak-tools-ng CVE.pm Log Message: Use LWP::Simple instead of wget in CVE.pm Index: CVE.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Attic/CVE.pm,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- CVE.pm 6 Jan 2008 03:31:53 -0000 1.1.2.1 +++ CVE.pm 10 Jan 2008 14:53:09 -0000 1.1.2.2 @@ -9,6 +9,7 @@ use Exporter 'import'; use XML::Parser; +use LWP::Simple; @EXPORT = qw/cve/; @@ -82,10 +83,10 @@ { my ($file, $age) = @_; - # XXX: escaping + mkdir $cachebase; system ("mkdir -p '$cachebase'"); - system ("wget -qcO '$cachebase$file' '$sourcebase$file'") - and die ('Failed to update cache'); + mirror ($sourcebase.$file, $cachebase.$file) + or die ('Failed to update cache'); return $cachebase.$file; }

16 years, 5 months

1
0
0 / 0

fedora-security/tools/scripts get-cve, 1.1.2.1, 1.1.2.2

by fedora-security-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/tools/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2894/scripts Modified Files: Tag: lkundrak-tools-ng get-cve Log Message: Use LWP::Simple instead of wget in CVE.pm Index: get-cve =================================================================== RCS file: /cvs/fedora/fedora-security/tools/scripts/Attic/get-cve,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- get-cve 6 Jan 2008 03:31:54 -0000 1.1.2.1 +++ get-cve 10 Jan 2008 14:53:09 -0000 1.1.2.2 @@ -4,13 +4,12 @@ # Get CVE information from NVD # Lubomir Kundrak <lkundrak(a)redhat.com> -die "Possibly useless"; -=cut use warnings; use strict; use Libexig::CVE; +use Data::Dumper; @ARGV or die 'Usage: get-cve <cve> [...]';

16 years, 5 months

1
0
0 / 0

fedora-security/tools fedora-security.spec, 1.1.2.1, 1.1.2.2

by fedora-security-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2894 Modified Files: Tag: lkundrak-tools-ng fedora-security.spec Log Message: Use LWP::Simple instead of wget in CVE.pm Index: fedora-security.spec =================================================================== RCS file: /cvs/fedora/fedora-security/tools/Attic/fedora-security.spec,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- fedora-security.spec 6 Jan 2008 03:31:52 -0000 1.1.2.1 +++ fedora-security.spec 10 Jan 2008 14:53:08 -0000 1.1.2.2 @@ -1,6 +1,6 @@ Name: fedora-security Version: 0.9 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Tools for Fedora Security Response Team use Group: Development/Libraries @@ -25,7 +25,6 @@ #!/bin/sh %{__perl_requires} $* |\ sed -e '/perl(Email::Simple)/d' |\ - sed -e '/perl(LWP::Simple)/d' |\ sed -e '/perl(Mail::Mbox::MessageParser)/d' |\ sed -e '/perl(Net::FTP)/d' EOF

16 years, 5 months

1
0
0 / 0

fedora-security/audit f8, 1.75, 1.76 f9, 1.68, 1.69 fc7, 1.232, 1.233

by fedora-security-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26031 Modified Files: f8 f9 fc7 Log Message: wordpress Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.75 retrieving revision 1.76 diff -u -r1.75 -r1.76 --- f8 10 Jan 2008 13:45:34 -0000 1.75 +++ f8 10 Jan 2008 13:54:16 -0000 1.76 @@ -8,6 +8,12 @@ # Up to date F8 as of 20071221 GENERIC-MAP-NOMATCH backport (python-cherrypy) [since FEDORA-2008-0299] +**CVE-2008-0196 version (wordpress, not fixed 2.0.11) +CVE-2008-0195 ignore (wordpress) File path is not a sensitive information +**CVE-2008-0194 version (wordpress, not fixed 2.0.4) +**CVE-2008-0193 VULNERABLE (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) +**CVE-2008-0192 version (wordpress, not fixed 2.0.9) +CVE-2008-0191 ignore (wordpress) File path is not a sensitive information CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2008-0003 VULNERABLE (tog-pegasus, fixed 2.7.0) #427829 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.68 retrieving revision 1.69 diff -u -r1.68 -r1.69 --- f9 9 Jan 2008 16:25:15 -0000 1.68 +++ f9 10 Jan 2008 13:54:16 -0000 1.69 @@ -8,6 +8,12 @@ # Up to date F9 as of 20071029 GENERIC-MAP-NOMATCH backport (python-cherrypy) [since python-cherrypy-2.2.1-8.fc9] +**CVE-2008-0196 version (wordpress, not fixed 2.0.11) +CVE-2008-0195 ignore (wordpress) File path is not a sensitive information +**CVE-2008-0194 version (wordpress, not fixed 2.0.4) +**CVE-2008-0193 VULNERABLE (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) +**CVE-2008-0192 version (wordpress, not fixed 2.0.9) +CVE-2008-0191 ignore (wordpress) File path is not a sensitive information CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2008-0003 version (tog-pegasus, fixed 2.7.0) Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.232 retrieving revision 1.233 diff -u -r1.232 -r1.233 --- fc7 10 Jan 2008 13:45:34 -0000 1.232 +++ fc7 10 Jan 2008 13:54:16 -0000 1.233 @@ -9,6 +9,12 @@ # Up to date FC7 as of 20071221 GENERIC-MAP-NOMATCH backport (python-cherrypy) [since FEDORA-2008-0333] +**CVE-2008-0196 version (wordpress, not fixed 2.0.11) +CVE-2008-0195 ignore (wordpress) File path is not a sensitive information +**CVE-2008-0194 version (wordpress, not fixed 2.0.4) +**CVE-2008-0193 VULNERABLE (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) +**CVE-2008-0192 version (wordpress, not fixed 2.0.9) +CVE-2008-0191 ignore (wordpress) File path is not a sensitive information CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2008-0003 VULNERABLE (tog-pegasus, fixed 2.7.0) #427828

16 years, 5 months

1
0
0 / 0

fedora-security/audit f8, 1.74, 1.75 fc7, 1.231, 1.232

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25800/audit Modified Files: f8 fc7 Log Message: xfce cve ids Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.74 retrieving revision 1.75 diff -u -r1.74 -r1.75 --- f8 9 Jan 2008 13:00:00 -0000 1.74 +++ f8 10 Jan 2008 13:45:34 -0000 1.75 @@ -20,6 +20,8 @@ CVE-2007-6598 ignore (dovecot) Needs knowledge of victim's password CVE-2007-6596 VULNERABLE (clamav) #427287 Might be considered a mail client flaw CVE-2007-6595 VULNERABLE (clamav) #427287 +CVE-2007-6532 version (libxfcegui4) #412761 [since FEDORA-2007-4368] +CVE-2007-6531 version (xfce-panel) #412761 [since FEDORA-2007-4368] CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4562] CVE-2007-6451 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6450 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] @@ -46,9 +48,6 @@ CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 backport (mysql, fixed 5.0.52) #424931 [since FEDORA-2007-4465] CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031 -GENERIC-MAP-NOMATCH version (libxfcegui4) #412761 [since FEDORA-2007-4368] -GENERIC-MAP-NOMATCH version (libxfce4util) #412761 [since FEDORA-2007-4368] -GENERIC-MAP-NOMATCH version (xfce-panel) #412761 [since FEDORA-2007-4368] CVE-2007-6285 VULNERABLE (autofs) #426400 CVE-2007-6283 backport (bind) #423071 [since FEDORA-2007-4655] CVE-2007-6239 version (squid, fixed 2.6.17) #412391 [since FEDORA-2007-4170] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.231 retrieving revision 1.232 diff -u -r1.231 -r1.232 --- fc7 9 Jan 2008 16:25:15 -0000 1.231 +++ fc7 10 Jan 2008 13:45:34 -0000 1.232 @@ -20,6 +20,8 @@ CVE-2007-6598 ignore (dovecot) Needs knowledge of victim's password CVE-2007-6596 VULNERABLE (clamav) #427288 Might be considered a mail client flaw CVE-2007-6595 VULNERABLE (clamav) #427288 +CVE-2007-6532 version (libxfcegui4) #412751 [since FEDORA-2007-4385] +CVE-2007-6531 version (xfce-panel) #412751 [since FEDORA-2007-4385] CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4584] CVE-2007-6451 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6450 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] @@ -46,9 +48,6 @@ CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 backport (mysql, fixed 5.0.52) #424921 [since FEDORA-2007-4471] CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031 -GENERIC-MAP-NOMATCH version (libxfcegui4) #412751 [since FEDORA-2007-4385] -GENERIC-MAP-NOMATCH version (libxfce4util) #412751 [since FEDORA-2007-4385] -GENERIC-MAP-NOMATCH version (xfce-panel) #412751 [since FEDORA-2007-4385] CVE-2007-6285 fixed (autofs) #426399 [since FEDORA-2007-4709] CVE-2007-6283 backport (bind) #423061 [since FEDORA-2007-4658] CVE-2007-6239 version (squid, fixed 2.6.17) #412381 [since FEDORA-2007-4161]

16 years, 5 months

1
0
0 / 0

fedora-security/tools/lib/Libexig Fedora.pm, 1.1.2.1, 1.1.2.2

by fedora-security-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23949/lib/Libexig Modified Files: Tag: lkundrak-tools-ng Fedora.pm Log Message: Finally commiting the splitoff of the tracking bug routines to the library 12:17 <thoger> kto necommituje, bude pocas dlhych zimnych vecerov riesit konflikty... And hopefuly merging in tomas' change... :} Index: Fedora.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Attic/Fedora.pm,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- Fedora.pm 6 Jan 2008 12:48:45 -0000 1.1.2.1 +++ Fedora.pm 9 Jan 2008 21:42:37 -0000 1.1.2.2 @@ -14,6 +14,10 @@ 'low' => 'low', ); +### +### Parent bugs from CVE +### + # Get the text to include in the CVE bug descripiton sub cve_bug_desc { @@ -64,3 +68,183 @@ 'alias' => $cve, ); } + +### +### Tracking bugs +### + +my $comment_head = + 'This is an automatically created tracking bug! '. + 'It was created to ensure that one or more security '. + 'vulnerabilities are fixed in all affected branches.'. + "\n\n". + 'You should *not* refer to this bug publicly, as it is a '. + 'private "Fedora Project Contributors" bug.'. + "\n\n". + 'For comments that are specific to the vulnerability please use bugs '. + 'filed against "Security Response" product referenced in "Blocks" '. + 'field.'. + "\n\n"; + +my $comment_tail = + 'For more information see: '. + 'http://fedoraproject.org/wiki/Security/TrackingBugs'; + +my $comment_update = + # Following the list of parent bugs + "\n". + 'When creating an update for the version this this bug is reported '. + 'against please include the bug IDs of respective bugs filed '. + 'against "Security Response" product as well as of this bug and let the '. + 'update system close them. Please '. + 'note that the update announcement will (and should) contain only '. + 'references to "Security Response" bugs as long as the tracking '. + 'bug is restricted to "Fedora Project Contributors".'. + "\n\n"; + +my $comment_rawhide = + "\n". + 'Please close this bug with RAWHIDE (referencing appropriate N-V-R in '. + 'Fixed In field if possible) once is it fixed in devel branch. '. + 'Do *not* include the bug id of this bug in the RPM changelog and the '. + 'commit message.'. + "\n\n"; + +my %priorities = ( + 'urgent', => 4, + 'high', => 3, + 'medium', => 2, + 'low' => 1, +); + +# Valid versions +my %versions = ( + '6', => '6', + 'f6', => '6', + 'fc6', => '6', + '7', => '7', + 'f7', => '7', + 'fc7', => '7', + '8', => '8', + 'f8', => '8', + 'fc8', => '8', + '9', => 'rawhide', + 'f9', => 'rawhide', + 'fc9', => 'rawhide', + 'devel', => 'rawhide', +); + +sub tracking_bugs +{ + my $bugs = shift; + my $component = shift; + my @versions = @_; + + my @retval; + + # Construct a tracking bug template + + my %bug_tmpl = ( + 'bug_file_loc' => 'http://fedoraproject.org/wiki/Security/TrackingBugs', + 'rep_platform' => 'All', + 'op_sys' => 'Linux', + 'short_desc' => '', + 'keywords' => 'Security', + 'product' => 'Fedora', + 'component' => $component, + 'bug_severity' => 'low', + 'priority' => 'low', + 'bit-58' => '1', # Fedora Project Contributors + ); + + my $comment_parents = ''; + + foreach my $bug (@{$bugs}) { + + # Take the highest of priorities + $bug_tmpl{'bug_severity'} = $bug->{'bug_severity'} + if ($priorities{$bug->{'bug_severity'}} > $priorities{$bug_tmpl{'bug_severity'}}); + $bug_tmpl{'priority'} = $bug->{'priority'} + if ($priorities{$bug->{'priority'}} > $priorities{$bug_tmpl{'priority'}}); + + # This will be overwriten if we block just one parent bug + $bug_tmpl{'short_desc'} .= $bug->{'alias'}.' '; + + # Add the parent bug to the comment + $comment_parents .= "\tbug #$bug->{'bug_id'}: $bug->{'short_short_desc'}\n"; + } + + if (@{$bugs} > 1) { + $bug_tmpl{'short_desc'} .= "Multiple $component vulnerabilities"; + } else { + $bug_tmpl{'short_desc'} = $bugs->[0]->{'short_short_desc'}; + } + + # Create a bug hash for each version + + foreach my $version (@versions) { + my %bug = %bug_tmpl; + $bug{'short_desc'} .= " [Fedora $versions{$version}]"; + $bug{'version'} = $versions{$version}; + + $bug{'comment'} = + $comment_head. + $comment_parents. + ($bug{'version'} eq 'rawhide' ? $comment_rawhide : $comment_update). + $comment_tail; + + push @retval, \%bug; + } + + return \@retval; +} + +sub file_tracking_bugs +{ + my $parent_bugs = shift; + my $tracking_bugs = shift; + my $bugzilla = shift; + + foreach my $bug (@{$tracking_bugs}) { + my $bug_id = $bugzilla->file_bug (\%bug); + + if ($bug{'version'} ne 'rawhide') { + my $tr_comment = + 'You can eventually use the following link to '. + 'create the update request: '."\n". + 'https://admin.fedoraproject.org/updates/new/'. + '?request=Stable'. + '&type=security'. + '&release=Fedora%20'.$bug{'version'}. + '&bugs='.$bug_id; + + foreach my $bug (@{$bugs}) { + $tr_comment .= ','.$bug->{'bug_id'}; + } + + # XXX: public + $bugzilla->add_private_comment ($bug_id, $tr_comment); + } + + $bugzilla->add_blockers ($bug_id, \@bugs); + $comment .= $bug{'version'}.": bug #$bug_id\n"; +=cut +} + +=cut + +# File for each version + +my $comment = "Created Fedora tracking bugs for $component:\n\n"; + +=cut +=cut + +# Add comment to original bugs + +foreach my $bug (@bugs) { + $bugzilla->add_private_comment ($bug, $comment); +} + +print STDERR $comment; +=cut

16 years, 5 months

1
0
0 / 0

fedora-security/tools/scripts add-tracking-bugs, 1.1.2.2, 1.1.2.3

by fedora-security-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/tools/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23949/scripts Modified Files: Tag: lkundrak-tools-ng add-tracking-bugs Log Message: Finally commiting the splitoff of the tracking bug routines to the library 12:17 <thoger> kto necommituje, bude pocas dlhych zimnych vecerov riesit konflikty... And hopefuly merging in tomas' change... :} Index: add-tracking-bugs =================================================================== RCS file: /cvs/fedora/fedora-security/tools/scripts/Attic/add-tracking-bugs,v retrieving revision 1.1.2.2 retrieving revision 1.1.2.3 diff -u -r1.1.2.2 -r1.1.2.3 --- add-tracking-bugs 7 Jan 2008 16:52:18 -0000 1.1.2.2 +++ add-tracking-bugs 9 Jan 2008 21:42:38 -0000 1.1.2.3 @@ -21,72 +21,11 @@ use Libexig::Util; use Libexig::Bugzilla; +use Libexig::Fedora; use warnings; use strict; -my $comment_head = - 'This is an automatically created tracking bug! '. - 'It was created to ensure that one or more security '. - 'vulnerabilities are fixed in all affected branches.'. - "\n\n". - 'You should *not* refer to this bug publicly, as it is a '. - 'private "Fedora Project Contributors" bug.'. - "\n\n". - 'For comments that are specific to the vulnerability please use bugs '. - 'filed against "Security Response" product referenced in "Blocks" '. - 'field.'. - "\n\n"; - -my $comment_tail = - 'For more information see: '. - 'http://fedoraproject.org/wiki/Security/TrackingBugs'; - -my $comment_update = - # Following the list of parent bugs - "\n". - 'When creating an update for the version this this bug is reported '. - 'against please include the bug IDs of respective bugs filed '. - 'against "Security Response" product as well as of this bug and let the '. - 'update system close them. Please '. - 'note that the update announcement will (and should) contain only '. - 'references to "Security Response" bugs as long as the tracking '. - 'bug is restricted to "Fedora Project Contributors".'. - "\n\n"; - -my $comment_rawhide = - "\n". - 'Please close this bug with RAWHIDE (referencing appropriate N-V-R in '. - 'Fixed In field if possible) once is it fixed in devel branch. '. - 'Do *not* include the bug id of this bug in the RPM changelog and the '. - 'commit message.'. - "\n\n"; - - -my %impact = ( - 'urgent', => 4, - 'high', => 3, - 'medium', => 2, - 'low' => 1, -); - -# Valid versions -my %versions = ( - '6', => '6', - 'f6', => '6', - 'fc6', => '6', - '7', => '7', - 'f7', => '7', - 'fc7', => '7', - '8', => '8', - 'f8', => '8', - 'fc8', => '8', - '9', => 'rawhide', - 'f9', => 'rawhide', - 'fc9', => 'rawhide', - 'devel', => 'rawhide', -); - # Command line options my (@bugs, @versions, $dryrun, $debug, $username, $password, $component); @@ -115,14 +54,17 @@ $options{'versions'} or die 'versions argument is mandatory'; @versions = split (/,/, $options{'versions'}); -$versions{$_} or die "Invalid version: $_" foreach (@versions); +#XXX +##$versions{$_} or die "Invalid version: $_" foreach (@versions); $component = $options{'component'} or die 'component argument is mandatory'; $dryrun = ($options{'dryrun'} or 0); $debug = ($options{'debug'} or 0); $username = ($options{'username'} or $ENV{'LOGNAME'}.'@redhat.com'); -$password = ($options{'password'} or $dryrun or - read_noecho ("Bugzilla password for $username: ")); +$password = ($options{'password'} or read_noecho ("Bugzilla password for $username: ")) + unless $dryrun; + +$dryrun = 1; my $bugzilla = new Libexig::Bugzilla ({ 'username' => $username, @@ -133,92 +75,10 @@ # Get parent bugs -my $bugs = $bugzilla->get_bugs (\@bugs, ['alias','keywords','priority','bug_id', 'bug_severity', 'short_short_desc']); -print Dumper ($bugs) if $debug; - -# Construct a tracking bug template - -my %bug_tmpl = ( - 'bug_file_loc' => 'http://fedoraproject.org/wiki/Security/TrackingBugs', - 'rep_platform' => 'All', - 'op_sys' => 'Linux', - 'short_desc' => '', - 'keywords' => 'Security', - 'product' => 'Fedora', - 'comment' => $comment_head, - 'component' => $component, - 'bug_severity' => 'low', - 'priority' => 'low', - 'bit-58' => '1', # Fedora Project Contributors -); - -foreach my $bug (@{$bugs}) { - - # Take the highest of priorities - $bug_tmpl{'bug_severity'} = $bug->{'bug_severity'} - if ($impact{$bug->{'bug_severity'}} > $impact{$bug_tmpl{'bug_severity'}}); - $bug_tmpl{'priority'} = $bug->{'priority'} - if ($impact{$bug->{'priority'}} > $impact{$bug_tmpl{'priority'}}); - - # This will be overwriten if we block just one parent bug - $bug_tmpl{'short_desc'} .= $bug->{'alias'}.' '; - - # Add the parent bug to the comment - $bug_tmpl{'comment'} .= "\tbug #$bug->{'bug_id'}: $bug->{'short_short_desc'}\n"; -} - -if ($#bugs) { - $bug_tmpl{'short_desc'} .= "Multiple $component vulnerabilities"; -} else { - $bug_tmpl{'short_desc'} = $bugs->[0]->{'short_short_desc'}; -} - -# File for each version - -my $comment = "Created Fedora tracking bugs for $component:\n\n"; - -foreach my $version (@versions) { - my %bug = %bug_tmpl; - $bug{'short_desc'} .= " [Fedora $versions{$version}]"; - $bug{'version'} = $versions{$version}; - - if ($bug{'version'} eq 'rawhide') { - $bug{'comment'} .= $comment_rawhide; - } else { - $bug{'comment'} .= $comment_update; - } - - $bug{'comment'} .= $comment_tail; - - print Dumper (\%bug) if $debug; - my $bug_id = $bugzilla->file_bug (\%bug); - - if ($bug{'version'} ne 'rawhide') { - my $tr_comment = - 'You can eventually use the following link to '. - 'create the update request: '."\n". - 'https://admin.fedoraproject.org/updates/new/'. - '?request=Stable'. - '&type=security'. - '&release=Fedora%20'.$bug{'version'}. - '&bugs='.$bug_id; - - foreach my $bug (@{$bugs}) { - $tr_comment .= ','.$bug->{'bug_id'}; - } - - # XXX: public - $bugzilla->add_private_comment ($bug_id, $tr_comment); - } +my $parent_bugs = $bugzilla->get_bugs (\@bugs, ['alias','keywords','priority','bug_id', 'bug_severity', 'short_short_desc']); +print Dumper ($parent_bugs) if $debug; - $bugzilla->add_blockers ($bug_id, \@bugs); - $comment .= $bug{'version'}.": bug #$bug_id\n"; -} - -# Add comment to original bugs - -foreach my $bug (@bugs) { - $bugzilla->add_private_comment ($bug, $comment); -} +my $tracking_bugs = Libexig::Fedora::tracking_bugs ($parent_bugs, $component, @versions); -print STDERR $comment; +use Data::Dumper; +print Dumper ($tracking_bugs);

16 years, 5 months

1
0
0 / 0

fedora-security/audit f9, 1.67, 1.68 fc7, 1.230, 1.231

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12515/audit Modified Files: f9 fc7 Log Message: syslog-ng fixed in rawhide minor pcre cleanup Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.67 retrieving revision 1.68 diff -u -r1.67 -r1.68 --- f9 9 Jan 2008 13:00:00 -0000 1.67 +++ f9 9 Jan 2008 16:25:15 -0000 1.68 @@ -34,7 +34,7 @@ CVE-2007-6337 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] CVE-2007-6336 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] CVE-2007-6335 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] -CVE-2007-6437 VULNERABLE (syslog-ng) #426307 +CVE-2007-6437 version (syslog-ng, fixed 2.0.6) #426307 [since syslog-ng-2.0.7-1.fc9] CVE-2007-6430 version (asterisk, fixed 1.4.16) [since asterisk-1.4.16.1-1.fc9] CVE-2007-6389 VULNERABLE (gnome-screensaver) #426171 CVE-2007-6353 backport (exiv2) #425924 [since exiv2-0.16-0.3.pre1.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.230 retrieving revision 1.231 diff -u -r1.230 -r1.231 --- fc7 9 Jan 2008 13:00:00 -0000 1.230 +++ fc7 9 Jan 2008 16:25:15 -0000 1.231 @@ -684,7 +684,8 @@ CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351] CVE-2007-0001 ignore (kernel) rhel4 2.6.9 only known affected -CVE-2006-7224 VULNERABLE (pcre, fixed 6.7) #378411 +CVE-2006-7228 version (pcre, fixed 6.7) +CVE-2006-7227 version (pcre, fixed 6.7) CVE-2006-7221 ignore (gftp) single zero byte overflow in fsplib CVE-2006-7205 ignore (php) See NVD CVE-2006-7204 ignore (php) See NVD

16 years, 5 months

1
0
0 / 0

fedora-security/tools/lib/Libexig Bugzilla.pm, 1.1.2.2, 1.1.2.3

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27408/tools/lib/Libexig Modified Files: Tag: lkundrak-tools-ng Bugzilla.pm Log Message: make add_comment more generic wrapper for addComment add close_bug* Index: Bugzilla.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Attic/Bugzilla.pm,v retrieving revision 1.1.2.2 retrieving revision 1.1.2.3 diff -u -r1.1.2.2 -r1.1.2.3 --- Bugzilla.pm 8 Jan 2008 16:15:51 -0000 1.1.2.2 +++ Bugzilla.pm 9 Jan 2008 14:37:43 -0000 1.1.2.3 @@ -147,15 +147,18 @@ return undef; } -# Add comment to a bug (unless in dryrun mode) -# Arguments: bug id, comment, make comment private (0/1) +# Add comment - wrapper around bugzilla addComment XMLRPC method +# +# Mandatory arguments: +# bugid, comment +# Optional arguments: +# isprivate, timestamp, worktime, bz_gid, private_in_it, nomail sub add_comment { my $self = shift; my $bug = shift or die 'No bug!'; my $comment = shift or die 'No comment!'; - my $private; $private = shift or $private= 0; if ($self->{dryrun}) { print STDERR 'Would add following comment to bug: #'.$bug."\n"; @@ -164,7 +167,7 @@ } my $call = $self->{rpc}->call('bugzilla.addComment', $bug, $comment, - @{$self->{creds}}, $private); + @{$self->{creds}}, @_); my $result = $call->result or die $call->faultstring; @@ -175,13 +178,66 @@ } # Add private comment to a bug +# +# Arguments: +# bugid, comment sub add_private_comment { my $self = shift; + my $bug = shift; my $comment = shift; $self->add_comment($bug, $comment, 1); } +# Close bug - wrapper around bugzilla closeBug XMLRPC method +# +# Mandatory arguments: +# bugid, resolution +# Optional arguments: +# dupeid, fixedin, comment, isprivate, private_in_it, nomail +sub close_bug +{ + my $self = shift; + + my $bug = shift or die 'No bug!'; + my $resolution = shift or die 'No resolution!'; + + if ($self->{dryrun}) { + print STDERR 'Would close bug #'.$bug.' as: '.$resolution."\n"; + return 0; + } + + my $call = $self->{rpc}->call('bugzilla.closeBug', $bug, $resolution, + @{$self->{creds}}, @_); + + my $result = $call->result + or die $call->faultstring; + + print STDERR 'Bugzilla answered to closeBug: '.Dumper($result) + if $self->{debug}; + return undef; +} + +# Close bug with comment +# +# Mandatory arguments: +# bugid, resulution, comment +# Optional arguments: +# newfixedin, dupeid +sub close_bug_with_comment +{ + my $self = shift; + + my $bug = shift; + my $resolution = shift; + my $comment = shift or die 'No comment!'; + + my $fixedin = shift; + my $dupeid = shift; + + $self->close_bug($bug, $resolution, $dupeid, $fixedin, $comment); +} + 1;

16 years, 5 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

security-commits January 2008