← Back to branch summary

~ubuntu-security/ubuntu-cve-tracker/master 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87

#!/bin/sh

# Author: Jamie Strandboge <jamie@ubuntu.com>
# Author: Kees Cook <kees@ubuntu.com>
# Copyright (C) 2005-2010 Canonical Ltd.
#
# This script is distributed under the terms and conditions of the GNU General
# Public License, Version 2 or later. See http://www.gnu.org/copyleft/gpl.html
# for details.
#
# This script reports the status of CVE IDs passed as arguments to the
# script.

set -e
#
# Usage:
# ./scripts/cve_status CVE-XXXX-XXXX CVE-XXXX-XXXX
#

if [ "$1" = "-h" ]; then
	echo "./scripts/cve_status [-f] CVE-XXXX-XXXX CVE-XXXX-XXXX ..."
	exit 0
fi

just_status=yes
if [ "$1" = "-f" ]; then
	shift || true
	just_status=""
fi

if [ -z "$1" ]; then
	echo "Need to specify a CVE"
	exit 1
fi

oldest_release=$(PYTHONPATH="${PYTHONPATH:+$PYTHONPATH:}$(dirname "$0")" python -c 'import cve_lib ; print cve_lib.oldest_supported_release();')

HEADER_SEEN=
for c in "$@"
do
	c=$(echo "$c" | sed 's/[,:]//g')
	echo "$c" | egrep '^[0-9][0-9][0-9][0-9]\-[0-9][0-9][0-9][0-9]$' >/dev/null 2>&1 && c="CVE-$c"
	echo "$c" | egrep '^(CVE|EMB)-' >/dev/null 2>&1 || continue
	if [ -s "./retired/${c}" ]; then
		echo "$c (retired)"
		if [ -z "$just_status" ]; then
			echo ""
			cat "./retired/$c"
			echo ""
		fi
	elif [ -s "./ignored/${c}" ]; then
		echo "$c (ignored)"
		if [ -z "$just_status" ]; then
			echo ""
			cat "./ignored/$c"
			echo ""
		fi
	elif sed -e 's/#.*//' ./ignored/not-for-us.txt | fgrep -q "$c" ; then
		echo "$c (not for us)"
	elif [ -L "./embargoed" ] && [ -s "./embargoed/$c" ]; then
		echo "$c (embargoed)"
		if [ -z "$just_status" ]; then
			echo ""
			cat "./embargoed/$c"
			echo ""
		fi
	elif [ -s "./active/$c" ]; then
		TABLE=$(./scripts/ubuntu-table --supported 2>/dev/null)
		REPORT=$(echo "$TABLE" | egrep "$c")
		LINES=$(echo "$REPORT" | wc -l)
		if [ "$LINES" -gt 0 ] && [ -z "$HEADER_SEEN" ]; then
 			echo "$TABLE" | egrep "[[:space:]]+$oldest_release"
			HEADER_SEEN="yes"
		fi
		echo "$REPORT"
		if [ -z "$just_status" ]; then
			echo ""
			cat "./active/$c"
			echo ""
			# Need header again since CVE dump breaks continuity
			HEADER_SEEN=
		fi
	else
		echo "$c (not found)"
	fi
done