~ubuntu-security/ubuntu-cve-tracker/master

#!/usr/bin/perl -w

# Author: Jamie Strandboge <jamie@ubuntu.com>
# Author: Kees Cook <kees@ubuntu.com>
# Copyright (C) 2005-2008 Canonical Ltd.
#
# This script is distributed under the terms and conditions of the GNU General
# Public License, Version 2 or later. See http://www.gnu.org/copyleft/gpl.html
# for details.

use strict;

# Patch references gathered from the CVE files. Each hash is keyed by
# "<package>_<CVE>" and accumulates the matching indented lines as text.
my (%debdiff, %vendor, %upstream);
my %patch;	# catchall for any other "<tag>:" line
my (%cves, %seen);	# keys that have patch lines / CVE files already read

# Only the first command-line argument is inspected; any spelling of the
# "supported" switch restricts the report to rows marked SUPPORTED.
my $supported = 0;
if (@ARGV and grep { $ARGV[0] eq $_ } ("-s", "--supported", "-S")) {
	$supported = 1;
}

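# Run the table generator and keep its output, one row per array element.
# The list form of a pipe open starts the program directly (no shell) and the
# lexical handle cannot collide with another bareword handle.
# NOTE(review): --supported is always passed here, independent of this
# script's own -s/-S/--supported switch; presumably it makes ubuntu-table emit
# the SUPPORTED marker the row filter looks for -- confirm.
open(my $table_fh, '-|', './scripts/ubuntu-table', '--supported')
	or die "Cannot run ./scripts/ubuntu-table: $!\n";
my @table = <$table_fh>;	# read the whole output
# close() on a pipe also reports a non-zero exit of the child. Warn instead of
# silently producing a report from a truncated table.
close($table_fh)
	or warn "./scripts/ubuntu-table did not finish cleanly (status $?); output may be incomplete\n";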

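# Walk the table and, for every row that still has open work, collect the
# patch references recorded for that package in the CVE's tracker file.
foreach my $row (@table) {
	$row =~ /^\s/ and next;		# skip rows that begin with whitespace
	$supported and $row !~ /SUPPORTED/ and next;

	my @parts = split(/\s+/, $row);

	my $cve = $parts[0];
	# NOTE(review): %seen is keyed by CVE only, so once one row of a CVE has
	# been read, later rows for the same CVE (other packages) are skipped.
	# Confirm that this is intended.
	exists($seen{$cve}) and next;	# skip CVE files we've looked at

	# Fields from the third one on are compared against the open statuses;
	# a single match is enough to report the row.
	my $show = grep {
		$_ eq "needed" or $_ eq "needs-triage" or $_ eq "pending"
	} @parts[2 .. $#parts];
	$show or next;

	my $pkgname = $parts[1];
	$pkgname =~ s/://;	# drop the first colon from the package column

	# Use ./active unless the file is missing or empty there.
	my $fn = "./active/$cve";
	-s $fn or $fn = "./embargoed/$cve";

	# $cve comes straight from the table's first column. Three-argument open
	# with an explicit read mode keeps a name ending in "|" (or starting with
	# a mode character) from being treated as a command or write target.
	# It does not restrict which path is read.
	open(my $cve_fh, '<', $fn) or (warn "Couldn't open '$fn'\n" and next);

	my $key = $pkgname . "_" . $cve;
	my $in_patches = 0;
	while (my $line = <$cve_fh>) {
		chomp($line);
		# \Q..\E quotes the package name so regex metacharacters in it
		# (such as "+" or ".") are matched literally.
		if ($line =~ /^\QPatches_$pkgname:\E/) {
			$in_patches = 1;
			next;
		}
		$in_patches or next;
		# The first line that is not indented ends the Patches_ section.
		if ($line !~ /^\s+/) {
			$in_patches = 0;
			next;
		}

		if ($line =~ /^\s+debdiff:/) {
			$debdiff{$key} .= "$line\n";
		} elsif ($line =~ /^\s+vendor:/) {
			$vendor{$key} .= "$line\n";
		} elsif ($line =~ /^\s+upstream:/) {
			$upstream{$key} .= "$line\n";
		} elsif ($line =~ /^\s+[a-z]+:/) {
			$patch{$key} .= "$line\n";
		} else {
			# if get here, then have a malformed line
			print STDERR "Skipping $cve: $line \n";
			next;
		}
		$cves{$key} = 1;
	}
	close($cve_fh);
	$seen{$cve} = 1;
}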

# Print one paragraph per package/CVE pair in sorted key order: a heading line,
# then the collected debdiff, vendor, upstream and catchall lines in that
# order, then a blank line.
for my $key (sort keys %cves) {
	# Keys were built as "<package>_<CVE>"; the split takes the first two
	# "_"-separated fields.
	my ($pkg, $cve) = split(/_/, $key);
	print "$pkg ($cve)\n";
	for my $bucket (\%debdiff, \%vendor, \%upstream, \%patch) {
		print "$bucket->{$key}" if defined $bucket->{$key};
	}
	print "\n";
}