1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
#!/bin/sh
# Author: Jamie Strandboge <jamie@ubuntu.com>
# Author: Kees Cook <kees@ubuntu.com>
# Copyright (C) 2005-2010 Canonical Ltd.
#
# This script is distributed under the terms and conditions of the GNU General
# Public License, Version 2 or later. See http://www.gnu.org/copyleft/gpl.html
# for details.
#
# This script reports the status of CVE IDs passed as arguments to the
# script.
set -e
#
# Usage:
# ./scripts/cve_status CVE-XXXX-XXXX CVE-XXXX-XXXX
#
if [ "$1" = "-h" ]; then
echo "./scripts/cve_status [-f] CVE-XXXX-XXXX CVE-XXXX-XXXX ..."
exit 0
fi
just_status=yes
if [ "$1" = "-f" ]; then
shift || true
just_status=""
fi
if [ -z "$1" ]; then
echo "Need to specify a CVE"
exit 1
fi
oldest_release=$(PYTHONPATH="${PYTHONPATH:+$PYTHONPATH:}$(dirname "$0")" python -c 'import cve_lib ; print cve_lib.oldest_supported_release();')
HEADER_SEEN=
for c in "$@"
do
c=$(echo "$c" | sed 's/[,:]//g')
echo "$c" | egrep '^[0-9][0-9][0-9][0-9]\-[0-9][0-9][0-9][0-9]$' >/dev/null 2>&1 && c="CVE-$c"
echo "$c" | egrep '^(CVE|EMB)-' >/dev/null 2>&1 || continue
if [ -s "./retired/${c}" ]; then
echo "$c (retired)"
if [ -z "$just_status" ]; then
echo ""
cat "./retired/$c"
echo ""
fi
elif [ -s "./ignored/${c}" ]; then
echo "$c (ignored)"
if [ -z "$just_status" ]; then
echo ""
cat "./ignored/$c"
echo ""
fi
elif sed -e 's/#.*//' ./ignored/not-for-us.txt | fgrep -q "$c" ; then
echo "$c (not for us)"
elif [ -L "./embargoed" ] && [ -s "./embargoed/$c" ]; then
echo "$c (embargoed)"
if [ -z "$just_status" ]; then
echo ""
cat "./embargoed/$c"
echo ""
fi
elif [ -s "./active/$c" ]; then
TABLE=$(./scripts/ubuntu-table --supported 2>/dev/null)
REPORT=$(echo "$TABLE" | egrep "$c")
LINES=$(echo "$REPORT" | wc -l)
if [ "$LINES" -gt 0 ] && [ -z "$HEADER_SEEN" ]; then
echo "$TABLE" | egrep "[[:space:]]+$oldest_release"
HEADER_SEEN="yes"
fi
echo "$REPORT"
if [ -z "$just_status" ]; then
echo ""
cat "./active/$c"
echo ""
# Need header again since CVE dump breaks continuity
HEADER_SEEN=
fi
else
echo "$c (not found)"
fi
done
|