#!/usr/bin/python
# Author: Kees Cook <kees@ubuntu.com>
# Copyright (C) 2011 Canonical Ltd.
#
# Reports the version of the given package in the most recent USN for it
#
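# Fetch the USN database first; override its location with --database:
#   wget http://people.canonical.com/~ubuntu-security/usn/database.pickle
# NOTE(review): the database is a pickle file fetched over plain HTTP, and
# unpickling untrusted data can run arbitrary code. Presumably usn_lib
# unpickles it, so fetch it over a trusted channel or verify it before use.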
#
import usn_lib
import optparse
import cve_lib
from source_map import version_compare
from lp_lib import UCTLaunchpad
# Command-line options. The parsed ``opt`` object is also handed to the
# Launchpad and USN database helpers below.
parser = optparse.OptionParser()
parser.add_option(
    "-D", "--database",
    default="database.pickle",
    help="Specify location of USN data (default 'database.pickle')",
)
parser.add_option(
    "-r", "--release",
    help="Specify comma-separated list of which release to limit the search to (default is all)",
)
parser.add_option(
    "-d", "--debug",
    dest="debug",
    action="store_true",
    help="Report additional debugging while processing",
)
opt, args = parser.parse_args()

uctlp = UCTLaunchpad(opt)

# Releases to inspect: the --release list when given, otherwise every
# release that cve_lib reports as active.
if not opt.release:
    releases = [r for r in cve_lib.releases if cve_lib.is_active_release(r)]
else:
    releases = opt.release.split(',')

# NOTE(review): opt.database is passed through unchanged; the default file
# name suggests a pickle, so presumably usn_lib deserialises it -- confirm,
# and only point --database at a file from a trusted source.
usndb = usn_lib.USNdb(args, opt.database, releases, opt)

# Print one line per (package, release) pair; positional arguments are the
# package names.
for pkg in args:
    for rel in releases:
        usns = usndb.get_usns(pkg, rel)
        if usns:
            print(usns[0])
            continue
        # No USN recorded for this package in this release: fall back to the
        # earliest version in the release. Usually this script is used to
        # report pending CVEs between the last USN and what was just published.
        print(uctlp.get_earliest_version(rel, pkg))